var-202005-0588
Vulnerability from variot

iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability. iproute2 Is vulnerable to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. in the Linux kernel by American Stephen Hemminger software developer. A resource management error vulnerability exists in the 'get_netnsid_from_name' function of the ip/ipnetns.c file in iproute2 versions prior to 5.1.0. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202008-06


                                       https://security.gentoo.org/

Severity: Normal Title: iproute2: Denial of service Date: August 08, 2020 Bugs: #722144 ID: 202008-06


Synopsis

A use-after-free was found in iproute2, possibly allowing a Denial of Service condition.

Background

iproute2 is a set of tools for managing Linux network routing and advanced features.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 sys-apps/iproute2 < 5.1.0 >= 5.1.0

Description

iproute2 was found to contain a use-after-free in get_netnsid_from_name in ip/ipnetns.c.

Impact

A remote attacker, able to feed iproute2 crafted data, may be able to cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All iproute2 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/iproute2-5.1.0"

References

[ 1 ] CVE-2019-20795 https://nvd.nist.gov/vuln/detail/CVE-2019-20795

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202008-06

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================= Ubuntu Security Notice USN-4357-1 May 13, 2020

iproute2 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS

Summary:

IPRoute could be made to execute arbitrary code if it received a specially crafted input.

Software Description: - iproute2: networking and traffic control tools

Details:

It was discovered that IPRoute incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS: iproute2 4.15.0-2ubuntu1.1

In general, a standard system update will make all the necessary changes.

References: https://usn.ubuntu.com/4357-1 CVE-2019-20795

Package Information: https://launchpad.net/ubuntu/+source/iproute2/4.15.0-2ubuntu1.1

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202005-0588",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.04"
      },
      {
        "model": "iproute2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "iproute2",
        "version": "5.1.0"
      },
      {
        "model": "ubuntu",
        "scope": null,
        "trust": 0.8,
        "vendor": "canonical",
        "version": null
      },
      {
        "model": "iproute2",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "stephen hemminger",
        "version": "5.1.0"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005088"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-20795"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:iproute2_project:iproute2:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-20795"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Gentoo",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "158802"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-398"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2019-20795",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-005088",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "VHN-153377",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-20795",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "LOW",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 0.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.7,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-005088",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-20795",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-005088",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202005-398",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-153377",
            "trust": 0.1,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-20795",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-153377"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-20795"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005088"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-20795"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-398"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability. iproute2 Is vulnerable to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. in the Linux kernel by American Stephen Hemminger software developer. A resource management error vulnerability exists in the \u0027get_netnsid_from_name\u0027 function of the ip/ipnetns.c file in iproute2 versions prior to 5.1.0. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202008-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: iproute2: Denial of service\n     Date: August 08, 2020\n     Bugs: #722144\n       ID: 202008-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nA use-after-free was found in iproute2, possibly allowing a Denial of\nService condition. \n\nBackground\n=========\niproute2 is a set of tools for managing Linux network routing and\nadvanced features. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  sys-apps/iproute2            \u003c 5.1.0                    \u003e= 5.1.0\n\nDescription\n==========\niproute2 was found to contain a use-after-free in get_netnsid_from_name\nin ip/ipnetns.c. \n\nImpact\n=====\nA remote attacker, able to feed iproute2 crafted data, may be able to\ncause a Denial of Service condition. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll iproute2 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=sys-apps/iproute2-5.1.0\"\n\nReferences\n=========\n[ 1 ] CVE-2019-20795\n      https://nvd.nist.gov/vuln/detail/CVE-2019-20795\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202008-06\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. =========================================================================\nUbuntu Security Notice USN-4357-1\nMay 13, 2020\n\niproute2 vulnerability\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.04 LTS\n\nSummary:\n\nIPRoute could be made to execute arbitrary code if it received a specially\ncrafted input. \n\nSoftware Description:\n- iproute2: networking and traffic control tools\n\nDetails:\n\nIt was discovered that IPRoute incorrectly handled certain inputs. \nAn attacker could possibly use this issue to execute arbitrary code. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.04 LTS:\n  iproute2                        4.15.0-2ubuntu1.1\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n  https://usn.ubuntu.com/4357-1\n  CVE-2019-20795\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/iproute2/4.15.0-2ubuntu1.1\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-20795"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005088"
      },
      {
        "db": "VULHUB",
        "id": "VHN-153377"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-20795"
      },
      {
        "db": "PACKETSTORM",
        "id": "158802"
      },
      {
        "db": "PACKETSTORM",
        "id": "157693"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-20795",
        "trust": 2.8
      },
      {
        "db": "PACKETSTORM",
        "id": "157693",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "158802",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005088",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-398",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "48174",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1682",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3460",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-153377",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-20795",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-153377"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-20795"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005088"
      },
      {
        "db": "PACKETSTORM",
        "id": "158802"
      },
      {
        "db": "PACKETSTORM",
        "id": "157693"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-20795"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-398"
      }
    ]
  },
  "id": "VAR-202005-0588",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-153377"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:17:04.367000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ipnetns: use-after-free problem in get_netnsid_from_name func",
        "trust": 0.8,
        "url": "https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10"
      },
      {
        "title": "USN-4357-1",
        "trust": 0.8,
        "url": "https://usn.ubuntu.com/4357-1/"
      },
      {
        "title": "iproute2 Remediation of resource management error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=119186"
      },
      {
        "title": "Ubuntu Security Notice: iproute2 vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4357-1"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-20795"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005088"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-398"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-416",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-153377"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005088"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-20795"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://security.gentoo.org/glsa/202008-06"
      },
      {
        "trust": 1.9,
        "url": "https://usn.ubuntu.com/4357-1/"
      },
      {
        "trust": 1.8,
        "url": "https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10"
      },
      {
        "trust": 1.8,
        "url": "https://bugzilla.suse.com/show_bug.cgi?id=1171452"
      },
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20795"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20795"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1682/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/iproute2-buffer-overflow-32271"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/158802/gentoo-linux-security-advisory-202008-06.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/157693/ubuntu-security-notice-usn-4357-1.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/48174"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3460"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/416.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4357-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/iproute2/4.15.0-2ubuntu1.1"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-153377"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-20795"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005088"
      },
      {
        "db": "PACKETSTORM",
        "id": "158802"
      },
      {
        "db": "PACKETSTORM",
        "id": "157693"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-20795"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-398"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-153377"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-20795"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005088"
      },
      {
        "db": "PACKETSTORM",
        "id": "158802"
      },
      {
        "db": "PACKETSTORM",
        "id": "157693"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-20795"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-398"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-05-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-153377"
      },
      {
        "date": "2020-05-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-20795"
      },
      {
        "date": "2020-06-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-005088"
      },
      {
        "date": "2020-08-10T14:25:57",
        "db": "PACKETSTORM",
        "id": "158802"
      },
      {
        "date": "2020-05-13T14:26:22",
        "db": "PACKETSTORM",
        "id": "157693"
      },
      {
        "date": "2020-05-09T21:15:10.913000",
        "db": "NVD",
        "id": "CVE-2019-20795"
      },
      {
        "date": "2020-05-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202005-398"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-09-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-153377"
      },
      {
        "date": "2020-09-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-20795"
      },
      {
        "date": "2020-06-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-005088"
      },
      {
        "date": "2020-09-10T17:50:15.410000",
        "db": "NVD",
        "id": "CVE-2019-20795"
      },
      {
        "date": "2021-10-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202005-398"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-398"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "iproute2 Vulnerability in using free memory in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005088"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-398"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.