{"id":"USN-5990-1","summary":"musl vulnerabilities","details":"It was discovered that musl did not handle certain i386 math functions\nproperly. An attacker could use this vulnerability to cause a denial of\nservice (crash) or possibly execute arbitrary code. This issue only\naffected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS.\n(CVE-2019-14697)\n\nIt was discovered that musl did not handle wide-character conversion\nproperly. A remote attacker could use this vulnerability to cause resource\nconsumption (infinite loop), denial of service, or possibly execute\narbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04\nESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-28928)\n","modified":"2026-05-20T16:06:07.402718567Z","published":"2023-03-31T00:44:58Z","related":["UBUNTU-CVE-2019-14697","UBUNTU-CVE-2020-28928"],"upstream":["CVE-2019-14697","CVE-2020-28928","UBUNTU-CVE-2019-14697","UBUNTU-CVE-2020-28928"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5990-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-14697"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-28928"}],"affected":[{"package":{"name":"musl","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/musl?arch=source&distro=trusty%2Fesm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.15-1ubuntu0.1~esm2"}]}],"versions":["0.9.14-2","0.9.14-2ubuntu1","0.9.15-1","0.9.15-1ubuntu0.1~esm1"],"ecosystem_specific":{"binaries":[{"binary_version":"0.9.15-1ubuntu0.1~esm2","binary_name":"musl"},{"binary_version":"0.9.15-1ubuntu0.1~esm2","binary_name":"musl-tools"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5990-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:14.04:LTS","cves":[{"id":"CVE-2019-14697","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2020-28928"}]}}},{"package":{"name":"musl","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/musl?arch=source&distro=esm-infra-legacy%2Fxenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.9-1ubuntu0.1~esm3"}]}],"versions":["1.1.9-1","1.1.9-1ubuntu0.1~esm2"],"ecosystem_specific":{"binaries":[{"binary_version":"1.1.9-1ubuntu0.1~esm3","binary_name":"musl-tools"},{"binary_version":"1.1.9-1ubuntu0.1~esm3","binary_name":"musl"}],"availability":"Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5990-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:16.04:LTS","cves":[]}}},{"package":{"name":"musl","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/musl?arch=source&distro=esm-apps%2Fbionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.19-1ubuntu0.1~esm1"}]}],"versions":["1.1.16-3","1.1.18-1","1.1.19-1"],"ecosystem_specific":{"binaries":[{"binary_version":"1.1.19-1ubuntu0.1~esm1","binary_name":"musl"},{"binary_version":"1.1.19-1ubuntu0.1~esm1","binary_name":"musl-tools"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5990-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:18.04:LTS","cves":[{"id":"CVE-2019-14697","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2020-28928","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}]}}},{"package":{"name":"musl","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/musl?arch=source&distro=esm-apps%2Ffocal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.24-1ubuntu0.1~esm1"}]}],"versions":["1.1.23-2build1","1.1.24-1"],"ecosystem_specific":{"binaries":[{"binary_version":"1.1.24-1ubuntu0.1~esm1","binary_name":"musl"},{"binary_version":"1.1.24-1ubuntu0.1~esm1","binary_name":"musl-tools"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5990-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:20.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2020-28928"}]}}}],"schema_version":"1.7.5"}