OUTSOURCED CYBERSECURITY SUPPORT AND MANAGED SERVICES

Vulnerability & Exploit Database

Vulnerabilities and exploits collected over reliable resources for security professionals and researchers to review

Amazon Linux AMI 2: CVE-2020-6096: Security patch for glibc (ALAS-2021-1605)

Severity:
7
CVSS:
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published:
04/01/2020
Created:
02/23/2020
Added:
02/22/2020
Modified:
02/22/2020

Description:

An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.'

Solution(s)


  • amazon-linux-ami-2-upgrade-glibc
  • amazon-linux-ami-2-upgrade-glibc-all-langpacks
  • amazon-linux-ami-2-upgrade-glibc-benchtests
  • amazon-linux-ami-2-upgrade-glibc-common
  • amazon-linux-ami-2-upgrade-glibc-debuginfo
  • amazon-linux-ami-2-upgrade-glibc-debuginfo-common
  • amazon-linux-ami-2-upgrade-glibc-devel
  • amazon-linux-ami-2-upgrade-glibc-headers
  • amazon-linux-ami-2-upgrade-glibc-langpack-aa
  • amazon-linux-ami-2-upgrade-glibc-langpack-af
  • amazon-linux-ami-2-upgrade-glibc-langpack-ak
  • amazon-linux-ami-2-upgrade-glibc-langpack-am
  • amazon-linux-ami-2-upgrade-glibc-langpack-an
  • amazon-linux-ami-2-upgrade-glibc-langpack-anp
  • amazon-linux-ami-2-upgrade-glibc-langpack-ar
  • amazon-linux-ami-2-upgrade-glibc-langpack-as
  • amazon-linux-ami-2-upgrade-glibc-langpack-ast
  • amazon-linux-ami-2-upgrade-glibc-langpack-ayc
  • amazon-linux-ami-2-upgrade-glibc-langpack-az
  • amazon-linux-ami-2-upgrade-glibc-langpack-be
  • amazon-linux-ami-2-upgrade-glibc-langpack-bem
  • amazon-linux-ami-2-upgrade-glibc-langpack-ber
  • amazon-linux-ami-2-upgrade-glibc-langpack-bg
  • amazon-linux-ami-2-upgrade-glibc-langpack-bhb
  • amazon-linux-ami-2-upgrade-glibc-langpack-bho
  • amazon-linux-ami-2-upgrade-glibc-langpack-bn
  • amazon-linux-ami-2-upgrade-glibc-langpack-bo
  • amazon-linux-ami-2-upgrade-glibc-langpack-br
  • amazon-linux-ami-2-upgrade-glibc-langpack-brx
  • amazon-linux-ami-2-upgrade-glibc-langpack-bs
  • amazon-linux-ami-2-upgrade-glibc-langpack-byn
  • amazon-linux-ami-2-upgrade-glibc-langpack-ca
  • amazon-linux-ami-2-upgrade-glibc-langpack-ce
  • amazon-linux-ami-2-upgrade-glibc-langpack-chr
  • amazon-linux-ami-2-upgrade-glibc-langpack-cmn
  • amazon-linux-ami-2-upgrade-glibc-langpack-crh
  • amazon-linux-ami-2-upgrade-glibc-langpack-cs
  • amazon-linux-ami-2-upgrade-glibc-langpack-csb
  • amazon-linux-ami-2-upgrade-glibc-langpack-cv
  • amazon-linux-ami-2-upgrade-glibc-langpack-cy
  • amazon-linux-ami-2-upgrade-glibc-langpack-da
  • amazon-linux-ami-2-upgrade-glibc-langpack-de
  • amazon-linux-ami-2-upgrade-glibc-langpack-doi
  • amazon-linux-ami-2-upgrade-glibc-langpack-dv
  • amazon-linux-ami-2-upgrade-glibc-langpack-dz
  • amazon-linux-ami-2-upgrade-glibc-langpack-el
  • amazon-linux-ami-2-upgrade-glibc-langpack-en
  • amazon-linux-ami-2-upgrade-glibc-langpack-eo
  • amazon-linux-ami-2-upgrade-glibc-langpack-es
  • amazon-linux-ami-2-upgrade-glibc-langpack-et
  • amazon-linux-ami-2-upgrade-glibc-langpack-eu
  • amazon-linux-ami-2-upgrade-glibc-langpack-fa
  • amazon-linux-ami-2-upgrade-glibc-langpack-ff
  • amazon-linux-ami-2-upgrade-glibc-langpack-fi
  • amazon-linux-ami-2-upgrade-glibc-langpack-fil
  • amazon-linux-ami-2-upgrade-glibc-langpack-fo
  • amazon-linux-ami-2-upgrade-glibc-langpack-fr
  • amazon-linux-ami-2-upgrade-glibc-langpack-fur
  • amazon-linux-ami-2-upgrade-glibc-langpack-fy
  • amazon-linux-ami-2-upgrade-glibc-langpack-ga
  • amazon-linux-ami-2-upgrade-glibc-langpack-gd
  • amazon-linux-ami-2-upgrade-glibc-langpack-gez
  • amazon-linux-ami-2-upgrade-glibc-langpack-gl
  • amazon-linux-ami-2-upgrade-glibc-langpack-gu
  • amazon-linux-ami-2-upgrade-glibc-langpack-gv
  • amazon-linux-ami-2-upgrade-glibc-langpack-ha
  • amazo

Reference(s)

  • ELSA-2021-9034
  • USN-4467-1
  • USN-4467-2
  • CVE-2020-13659
  • ELSA-2021-9034
  • USN-4467-1
  • USN-4467-2
  • CVE-2020-13754
  • ELSA-2021-9034
  • USN-4467-1
  • USN-4467-2
  • CVE-2020-13362
  • ELSA-2021-9034
  • USN-4467-1
  • USN-4467-2
  • CVE-2020-13253
  • ELSA-2021-9034
  • CVE-2020-10702
  • USN-4372-1
  • ELSA-2021-9034
  • CVE-2020-11102
  • https://attackerkb.com/topics/cve-2020-6096
  • AL2/ALAS-2021-1605
  • CVE - 2020-6096
WHAT WE DO

OTHER SERVICES

Consulting Services

We help your team successfully protect your company within your budget.

LEARN MORE

Application Security Services

Achieve more-secure applications, compliant environments, and safer systems development with streamlined and repeatable processes.

LEARN MORE

Data Security Services

Protectyour critical data across multiple environments, meet privacy regulations and simplify operational complexity.

LEARN MORE

Cloud Security Testing Services

Identify cloud vulnerabilities that tools alone cannot find.

LEARN MORE

Security Risk Services

Secure your operations and respond to threats with accuracy and speed.

LEARN MORE

Cloud Security Monitoring Services

Real-time threat detection across your cloud deployments.

LEARN MORE