Vulnerability Details : CVE-2020-13995
Potential exploit
U.S. Air Force Sensor Data Management System extract75 has a buffer overflow that leads to code execution. An overflow in a global variable (sBuffer) leads to a Write-What-Where outcome. Writing beyond sBuffer will clobber most global variables until reaching a pointer such as DES_info or image_info. By controlling that pointer, one achieves an arbitrary write when its fields are assigned. The data written is from a potentially untrusted NITF file in the form of an integer. The attacker can gain control of the instruction pointer.
Vulnerability category: Overflow, Memory Corruption
Products affected by CVE-2020-13995
- cpe:2.3:a:airforce:nitf_extract_utility:7.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-13995
- 3.74%: Probability of exploitation activity in the next 30 days
- ~87%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-13995
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2020-13995
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-13995
- https://www.riverloopsecurity.com/blog/2020/09/nitf-extract75-cve-2020-13995/
  CVE-2020-13995: Details on a Vulnerability in a NITF Parser - River Loop Security (Exploit; Third Party Advisory)