vulnerability
Arch Linux: Arbitrary code execution (CVE-2020-28928)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:N/C:N/I:N/A:P) | Nov 24, 2020 | Jul 11, 2025 | Nov 27, 2025 |
Severity
2
CVSS
(AV:L/AC:L/Au:N/C:N/I:N/A:P)
Published
Nov 24, 2020
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
The wcsnrtombs function in all musl libc versions up to 1.2.1 has been found to have multiple bugs in the handling of the destination buffer size when limiting the input character count, which can lead to an infinite loop with no progress (no overflow) or to writing past the end of the destination buffer.
Solution
arch-linux-upgrade-latest
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.