CVE-2020-6096 -- glibcID: oval:org.secpod.oval:def:2002468 | Date: (C)2020-09-23 (M)2023-11-16 |
Class: VULNERABILITY | Family: unix |
An exploitable signed comparison vulnerability exists in the ARMv7 memcpy implementation of GNU glibc 2.30.9000. Calling memcpy with a negative value for the "num" parameter results in a signed comparison vulnerability. If an attacker underflows the "num" parameter to memcpy, this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.
Platform: |
Debian 10.x |
Debian 9.x |