5.5

CVE-2020-17361

Exploit

EPSS 0.3%
Veröffentlicht 12.08.2020 18:15:17
Zuletzt bearbeitet 21.11.2024 05:07:56
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in ReadyTalk Avian 1.2.0. The vm::arrayCopy method defined in classpath-common.h returns silently when a negative length is provided (instead of throwing an exception). This could result in data being lost during the copy, with varying consequences depending on the subsequent use of the destination buffer. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Readytalk ≫ Avian Version1.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.3%	0.53

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

http://seclists.org/fulldisclosure/2020/Sep/11

Third Party Advisory

Mailing List

http://seclists.org/fulldisclosure/2020/Sep/13

Third Party Advisory

Mailing List

http://seclists.org/fulldisclosure/2020/Sep/14

Third Party Advisory

Mailing List

https://github.com/ReadyTalk/avian/issues

Third Party Advisory

http://seclists.org/fulldisclosure/2020/Aug/10

Third Party Advisory

Exploit

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2020-17361

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-17361

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-17361

EUVD