CVE-2020-11932

LOW

Subiquity < 20.05.2 - Sensitive Information Exposure via Log File

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2020-11932. PoCs published by ProjectorBUg, Staubgeborener, code-developers.

AI-analyzed exploit summary: This repository contains a proof-of-concept exploit for CVE-2020-11932, a double-free vulnerability in WhatsApp. The exploit generates a malicious GIF file that, when processed by the victim's WhatsApp, triggers a double-free condition leading to remote code execution via a reverse shell.

Description

It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered.

Exploits (3)

nomisec WORKING POC 98 stars
by ProjectorBUg · poc
https://github.com/ProjectorBUg/CVE-2020-11932

This repository contains a proof-of-concept exploit for CVE-2020-11932, a double-free vulnerability in WhatsApp. The exploit generates a malicious GIF file that, when processed by the victim's WhatsApp, triggers a double-free condition leading to remote code execution via a reverse shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: WhatsApp (specific version not specified)
No auth needed
Prerequisites: Victim must open the malicious GIF file in WhatsApp · Attacker must have a listener set up to receive the reverse shell
devstral-2 · analyzed Feb 16, 2026

nomisec SCANNER 3 stars
by Staubgeborener · poc
https://github.com/Staubgeborener/CVE-2020-11932

This repository provides a scanner for CVE-2020-11932, which involves plaintext logging of LUKS full disk encryption passwords in Ubuntu Server 20.04. The script checks specific log files for exposed passwords.

Classification: Scanner 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Ubuntu Server 20.04 with LUKS full disk encryption
Auth required
Prerequisites: Access to the target system · Sudo privileges to read log files
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 1 star
by code-developers · poc
https://github.com/code-developers/CVE-2020-11932

This repository contains a proof-of-concept exploit for CVE-2020-11932, a double-free vulnerability in WhatsApp. The exploit generates a malicious GIF file that, when processed by the victim's WhatsApp, triggers a double-free condition leading to remote code execution via a reverse shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: WhatsApp (specific version not specified)
No auth needed
Prerequisites: Victim must open the malicious GIF file in WhatsApp · Attacker must have a listener set up to receive the reverse shell
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 2.3
EPSS: 0.0059
EPSS Percentile: 43.6%
Attack Vector: LOCAL
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Details

CWE: CWE-532
Status: published
Products (1): canonical/subiquity < 20.05.2
Published: May 13, 2020
Tracked Since: Feb 18, 2026