Vulnerability Details : CVE-2020-36148
Potential exploit
Incorrect handling of input data in the verifyAttribute function in the libmysofa library, versions 0.5 - 1.1, leads to a NULL pointer dereference and a segmentation fault where memory protection is restrictive, or to a near-NULL pointer overwrite where there are no memory restrictions (e.g. in embedded environments).
Vulnerability category: Memory Corruption
Products affected by CVE-2020-36148
- cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
- cpe:2.3:a:symonics:libmysofa:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-36148
- EPSS score: 0.29% (probability of exploitation activity in the next 30 days)
- Percentile: ~49% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2020-36148
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2020-36148
- The product dereferences a pointer that it expects to be valid but is NULL. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-36148
- https://github.com/hoene/libmysofa/issues/138
  NULL pointer dereference in verifyAttribute · Issue #138 · hoene/libmysofa · GitHub (Exploit; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQLNZOVVONQSZZJHQVZT6NMOUUDMGBBR/
  [SECURITY] Fedora 32 Update: libmysofa-1.2-4.fc32 - package-announce - Fedora Mailing-Lists (Mailing List; Patch; Third Party Advisory)