VDB

DEBIAN-CVE-2020-1752

DEBIAN-CVE-2020-1752 PUBLISHED CVSS 7 HIGH

A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.

Risk Scores

CVSS 3.1
7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Debian:13glibc0, 0, 0
Debian:12glibc0, 0, 0
Debian:11glibc0, 0, 0
Debian:14glibc0, 0, 0

Timeline

  • Apr 30, 2020 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›