CVE-2020-11068

EPSS 0.92%
Veröffentlicht 23.06.2020 17:15:11
Zuletzt bearbeitet 21.11.2024 04:56:43
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Potential Buffer Overflow in LoRaMac-node

In LoRaMac-node before 4.4.4, a reception buffer overflow can happen due to the received buffer size not being checked. This has been fixed in 4.4.4.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Semtech ≫ Loramac-node Version < 4.4.4

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.92%	0.555

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
security-advisories@github.com	5	1.6	3.4	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://github.com/Lora-net/LoRaMac-node/commit/e3063a91daa7ad8a687223efa63079f0c24568e4

Patch

Third Party Advisory

https://github.com/Lora-net/LoRaMac-node/security/advisories/GHSA-559p-6xgm-fpv9

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-11068

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-11068

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-11068

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-11068