Vulnerability-Lookup

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

1 vulnerability by daemonology

CVE-2020-14315 (GCVE-0-2020-14315)

Vulnerability from cvelistv5 – Published: 2020-09-16 13:31 – Updated: 2024-08-04 12:39

Summary

A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3. Insufficient checks when handling external inputs allows an attacker to bypass the sanity checks in place and write out of a dynamically allocated buffer boundaries.

Severity

No CVSS data available.

CWE

CWE-787

Assigner

redhat

References

3 references

URL	Tags
https://www.openwall.com/lists/oss-security/2020/…	x_refsource_MISC
https://www.x41-dsec.de/lab/advisories/x41-2020-0…	x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1856747	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	bsdiff	Affected: bsdiff 4.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:39:36.226Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2020/07/09/2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.x41-dsec.de/lab/advisories/x41-2020-006-bspatch/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856747"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "bsdiff",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "bsdiff 4.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A memory corruption vulnerability is present in bspatch as shipped in Colin Percival\u2019s bsdiff tools version 4.3. Insufficient checks when handling external inputs allows an attacker to bypass the sanity checks in place and write out of a dynamically allocated buffer boundaries."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-16T13:31:19.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2020/07/09/2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.x41-dsec.de/lab/advisories/x41-2020-006-bspatch/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856747"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-14315",
    "datePublished": "2020-09-16T13:31:19.000Z",
    "dateReserved": "2020-06-17T00:00:00.000Z",
    "dateUpdated": "2024-08-04T12:39:36.226Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}