GHSA-9cfv-9463-8gqv

Опубликовано: 30 авг. 2024

Источник: github

Github: Прошло ревью

CVSS4: 2.4

CVSS3: 2.8

Описание

freewvs vulnerable to denial of service through large files

Impact

A user could create a large file that freewvs will try to read, which will terminate a scan process.

Patches

This has been patched by limiting the data freewvs reads: https://github.com/schokokeksorg/freewvs/commit/18bbf2043e53f69e0119d24f8ae4edb274afb9b2

Ссылки

Пакеты

Наименование

freewvs

pip

Затронутые версииВерсия исправления

< 0.1.1

0.1.1

EPSS

Процентиль: 18%

0.00058

Низкий

2.4 Low

CVSS4

2.8 Low

CVSS3

CVE ID

CVE-2020-15100

Дефекты

CWE-770

Связанные уязвимости

CVE-2020-15100

CVSS3: 2.8

nvd

больше 5 лет назад

In freewvs before 0.1.1, a user could create a large file that freewvs will try to read, which will terminate a scan process. This has been patched in 0.1.1.

EPSS

Процентиль: 18%

0.00058

Низкий

2.4 Low

CVSS4

2.8 Low

CVSS3

CVE ID

CVE-2020-15100

Дефекты

CWE-770