CVE-2020-11937

MEDIUM

Canonical Whoopsie - Memory Leak

Title source: rule

Description

In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5 and 0.2.69ubuntu0.1.

References (4)

Scores

CVSS v3 5.5
EPSS 0.0008
EPSS Percentile 23.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE
CWE-401 CWE-400
Status published

Affected Products (27)

canonical/whoopsie
canonical/whoopsie
canonical/whoopsie
canonical/whoopsie
canonical/whoopsie
canonical/whoopsie
canonical/whoopsie
canonical/whoopsie
canonical/whoopsie
canonical/whoopsie
canonical/whoopsie
canonical/whoopsie
canonical/whoopsie
canonical/whoopsie
canonical/whoopsie
... and 12 more

Timeline

Published Aug 06, 2020
Tracked Since Feb 18, 2026