CVE-2020-11105

Exploit

EPSS 0.52%
Veröffentlicht 30.03.2020 22:15:15
Zuletzt bearbeitet 21.11.2024 04:56:47
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::shared_ptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::shared_ptr variable goes out of scope and is freed, and a new std::shared_ptr is allocated at the same address. Serialization fidelity thereby becomes dependent upon memory layout. In short, serialized std::shared_ptr variables cannot always be expected to serialize back into their original values. This can have any number of consequences, depending on the context within which this manifests.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Usc ≫ Cereal Version <= 1.3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.52%	0.66

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-763 Release of Invalid Pointer or Reference

The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.

https://github.com/USCiLab/cereal/issues/636

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2020-11105

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-11105

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-11105

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-11105