CVE-2020-25412

Опубликовано: 16 сент. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead to arbitrary code execution.

Ссылки

https://sourceforge.net/p/gnuplot/bugs/2303/
Exploit
Third Party Advisory
https://sourceforge.net/p/gnuplot/bugs/2303/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gnuplot:gnuplot:5.4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00614

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2020-25412

CVSS3: 9.8

ubuntu

больше 5 лет назад

com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead to arbitrary code execution.

CVE-2020-25412

CVSS3: 7.8

redhat

больше 5 лет назад

com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead to arbitrary code execution.

CVE-2020-25412

CVSS3: 9.8

debian

больше 5 лет назад

com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write ...

GHSA-fw2x-mx3p-5gr5

CVSS3: 9.8

github

больше 3 лет назад

gnuplot 5.4 is affected by a segmentation fault in com_line () at command.c, which may result in context-dependent arbitrary code execution.

EPSS

Процентиль: 69%

0.00614

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-787