exploitDog

CVE-2020-11104

Опубликовано: 30 мар. 2020

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in USC iLab cereal through 1.3.0. Serialization of an (initialized) C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information (such as memory layout or private keys) can be gleaned if the archive is distributed outside of a trusted context.

Ссылки

https://github.com/USCiLab/cereal/issues/625
Exploit
Third Party Advisory
https://github.com/USCiLab/cereal/issues/625
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:usc:cereal:*:*:*:*:*:*:*:*

Версия до 1.3.0 (включая)

EPSS

Процентиль: 55%

0.00323

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-908

Связанные уязвимости

GHSA-7w9q-vfgp-w49f

github

больше 3 лет назад

An issue was discovered in USC iLab cereal through 1.3.0. Serialization of an (initialized) C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information (such as memory layout or private keys) can be gleaned if the archive is distributed outside of a trusted context.

EPSS

Процентиль: 55%

0.00323

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-908