CVE-2019-20795

CVE-2019-20795

Name

CVE-2019-20795

Description

iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Patch	https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10
Issue Tracking	https://bugzilla.suse.com/show_bug.cgi?id=1171452
Third Party Advisory	https://usn.ubuntu.com/4357-1/
Third Party Advisory	https://security.gentoo.org/glsa/202008-06

Type

URI

Patch

https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10

Issue Tracking

https://bugzilla.suse.com/show_bug.cgi?id=1171452

Third Party Advisory

https://usn.ubuntu.com/4357-1/

Third Party Advisory

https://security.gentoo.org/glsa/202008-06