CVE-2020-36148

Exploit

EPSS 0.29%
Published 08.02.2021 21:15:13
Last modified 21.11.2024 05:28:48
Source cve@mitre.org
Teams watchlist Login
Open Login

Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments).

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Symonics ≫ Libmysofa Version >= 0.5 <= 1.1

Fedoraproject ≫ Fedora Version32

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.29%	0.49

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://github.com/hoene/libmysofa/issues/138

Third Party Advisory

Exploit

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQLNZOVVONQSZZJHQVZT6NMOUUDMGBBR/

https://nvd.nist.gov/vuln/detail/CVE-2020-36148

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-36148

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-36148

EUVD