musl: wcsnrtombs destination buffer overflow (CVE-2020-28928)ID: oval:org.secpod.oval:def:1801699 | Date: (C)2020-12-22 (M)2023-11-28 |
Class: PATCH | Family: unix |
The wcsnrtombs function in all musl libc versions up through 1.2.1 has been found to have multiple bugs in handling of destination buffer size when limiting the input character count, which can lead to infinite loop with no forward progress or writing past the end of the destination buffera.
Platform: |
Alpine Linux 3.10 |
Alpine Linux 3.11 |
Alpine Linux 3.12 |
Alpine Linux 3.9 |