VDB
DEBIAN-CVE-2020-1752
DEBIAN-CVE-2020-1752
PUBLISHED
CVSS 7 HIGH
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.
Risk Scores
CVSS 3.1
7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | glibc | 0, 0, 0 |
| Debian:12 | glibc | 0, 0, 0 |
| Debian:11 | glibc | 0, 0, 0 |
| Debian:14 | glibc | 0, 0, 0 |
Timeline
- Apr 30, 2020 CVE Published
- Apr 28, 2026 CVE Updated