CVE-2020-28928
MEDIUM5.5EPSS 0.04%musl - security update
Published: 11/24/2020Modified: 12/3/2025
Also known as:ALPINE-CVE-2020-28928DEBIAN-CVE-2020-28928
Description
In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).
Affected packages (3)
- Alpine/muslfrom 0, < 1.1.22-r4
- Debian/muslfrom 0, < 1.2.2-1
- Debian/muslfrom 0, < 1.1.16-3+deb9u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |