Vulnerability Details : CVE-2020-36619
A vulnerability was found in multimon-ng. It has been rated as critical. This issue affects the function add_ch of the file demod_flex.c. The manipulation of the argument ch leads to format string. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is e5a51c508ef952e81a6da25b43034dd1ed023c07. It is recommended to upgrade the affected component. The identifier VDB-216269 was assigned to this vulnerability.
Vulnerability category: Overflow
Products affected by CVE-2020-36619
- cpe:2.3:a:multimon-ng_project:multimon-ng:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-36619
1.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 84 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-36619
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5
|
MEDIUM | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
2.1
|
3.4
|
VulDB | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2020-36619
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: cna@vuldb.com (Secondary)
-
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.Assigned by:
- cna@vuldb.com (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2020-36619
-
https://vuldb.com/?id.216269
CVE-2020-36619 | multimon-ng demod_flex.c add_ch format string (ID 160)Permissions Required;Third Party Advisory;VDB Entry
-
https://github.com/EliasOenal/multimon-ng/commit/e5a51c508ef952e81a6da25b43034dd1ed023c07
Remove uncontrolled format string vulnerability · EliasOenal/multimon-ng@e5a51c5 · GitHubPatch;Third Party Advisory
-
https://github.com/EliasOenal/multimon-ng/releases/tag/1.2.0
Release 1.2.0 · EliasOenal/multimon-ng · GitHubRelease Notes;Third Party Advisory
-
https://github.com/EliasOenal/multimon-ng/pull/160
139 characters missing from flex by rfarley3 · Pull Request #160 · EliasOenal/multimon-ng · GitHubPatch;Third Party Advisory
Jump to