CVE-2020-25643

EPSS 0.39%
Veröffentlicht 06.10.2020 14:15:12
Zuletzt bearbeitet 21.11.2024 05:18:19
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 2.6.29 < 4.4.238

Linux ≫ Linux Kernel Version >= 4.5 < 4.9.238

Linux ≫ Linux Kernel Version >= 4.10 < 4.14.200

Linux ≫ Linux Kernel Version >= 4.15 < 4.19.148

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.68

Linux ≫ Linux Kernel Version >= 5.5 < 5.8.12

Linux ≫ Linux Kernel Version5.9.0 Updaterc1

Linux ≫ Linux Kernel Version5.9.0 Updaterc2

Linux ≫ Linux Kernel Version5.9.0 Updaterc3

Linux ≫ Linux Kernel Version5.9.0 Updaterc4

Linux ≫ Linux Kernel Version5.9.0 Updaterc5

Linux ≫ Linux Kernel Version5.9.0 Updaterc6

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Version8.0

Opensuse ≫ Leap Version15.1

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Opensuse ≫ Leap Version15.2

Netapp ≫ H410c Firmware Version-

Netapp ≫ H410c Version-

Starwindsoftware ≫ Starwind Virtual San Versionv8 Updatebuild12533 SwPlatformvsphere

Starwindsoftware ≫ Starwind Virtual San Versionv8 Updatebuild12658 SwPlatformvsphere

Starwindsoftware ≫ Starwind Virtual San Versionv8 Updatebuild12859 SwPlatformvsphere

Starwindsoftware ≫ Starwind Virtual San Versionv8 Updatebuild13170 SwPlatformvsphere

Starwindsoftware ≫ Starwind Virtual San Versionv8 Updatebuild13586 SwPlatformvsphere

Starwindsoftware ≫ Starwind Virtual San Versionv8 Updatebuild13861 SwPlatformvsphere

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.39%	0.596

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	6.8	8.5	AV:N/AC:M/Au:S/C:P/I:P/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html

Third Party Advisory

Mailing List

https://www.debian.org/security/2020/dsa-4774

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html