CVE-2019-17264

Опубликовано: 06 окт. 2019

Источник: nvd

CVSS3: 3.3

CVSS2: 2.1

EPSS Низкий

Описание

In libyal liblnk before 20191006, liblnk_location_information_read_data in liblnk_location_information.c has a heap-based buffer over-read because an incorrect variable name is used for a certain offset. NOTE: the vendor has disputed this as described in the GitHub issue

Ссылки

https://github.com/libyal/liblnk/compare/20181227...20191006
Patch
Third Party Advisory
https://github.com/libyal/liblnk/issues/38
Exploit
Third Party Advisory
https://github.com/libyal/liblnk/compare/20181227...20191006
Patch
Third Party Advisory
https://github.com/libyal/liblnk/issues/38
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:liblnk_project:liblnk:*:*:*:*:*:*:*:*

Версия до 20191006 (исключая)

EPSS

Процентиль: 33%

0.00134

Низкий

3.3 Low

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2019-17264

CVSS3: 3.3

ubuntu

больше 6 лет назад

CVE-2019-17264

CVSS3: 3.3

debian

больше 6 лет назад

In libyal liblnk before 20191006, liblnk_location_information_read_dat ...

GHSA-qvh2-jh54-687w

CVSS3: 3.3

github

больше 3 лет назад

EPSS

Процентиль: 33%

0.00134

Низкий

3.3 Low

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-125