{"id":"CVE-2020-28928","details":"In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).","modified":"2026-04-02T05:11:12.997173Z","published":"2020-11-24T18:15:12.207Z","references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW27QVY7ERPTSGKS4KAWE5TU7EJWHKVQ/"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r2134abfe847bea7795f0e53756d10a47e6643f35ab8169df8b8a9eb1%40%3Cnotifications.apisix.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r90b60cf49348e515257b4950900c1bd3ab95a960cf2469d919c7264e%40%3Cnotifications.apisix.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/ra63e8dc5137d952afc55dbbfa63be83304ecf842d1eab1ff3ebb29e2%40%3Cnotifications.apisix.apache.org%3E"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKQ3RVSMVZNZNO4D65W2CZZ4DMYFZN2Q/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00050.html"},{"type":"ADVISORY","url":"https://musl.libc.org/releases.html"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2020/11/20/4"},{"type":"FIX","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuoct2021.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/graalvm/graalvm-ce-builds","events":[{"introduced":"0"},{"last_affected":"cf616f9f924f9e60b6158ff4aaed8306382b4c31"},{"introduced":"0"},{"last_affected":"a748f59635430848730ca95f41a9f7fa1f26b12b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"20.3.2"},{"introduced":"0"},{"last_affected":"21.1.0"}]}}],"versions":["vm-19.3.0","vm-19.3.0.2","vm-19.3.1","vm-19.3.2","vm-19.3.2-pre","vm-19.3.3","vm-19.3.4","vm-19.3.5","vm-19.3.6","vm-20.0.0","vm-20.0.1","vm-20.1.0","vm-20.2.0","vm-20.3.0","vm-20.3.1","vm-20.3.1.2","vm-20.3.2","vm-21.0.0","vm-21.0.0.2","vm-ce-21.2.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-28928.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.2.1"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}