CVE-2020-26148 : md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of u

md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial of service (e.g., assertion failure) via a malformed Markdown document.

Published 2020-09-30 18:15:27

Updated 2020-10-09 15:05:45

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2020-26148

Md4c Project » Md4c » Version: 0.4.5
cpe:2.3:a:md4c_project:md4c:0.4.5:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-26148

EPSS FAQ

0.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 39 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-26148

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2020-26148

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-26148

https://github.com/mity/md4c/issues/130

Use of uninitialized value in the md_push_block_bytes() function · Issue #130 · mity/md4c · GitHub
Exploit;Patch;Third Party Advisory

Jump to

Vulnerability Details : CVE-2020-26148

Products affected by CVE-2020-26148

Exploit prediction scoring system (EPSS) score for CVE-2020-26148

CVSS scores for CVE-2020-26148

CWE ids for CVE-2020-26148

References for CVE-2020-26148