CVE-2020-28241

Опубликовано: 06 нояб. 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.

Ссылки

https://github.com/maxmind/libmaxminddb/compare/1.4.2...1.4.3
Patch
Third Party Advisory
https://github.com/maxmind/libmaxminddb/issues/236
Exploit
Patch
Third Party Advisory
https://github.com/maxmind/libmaxminddb/pull/237
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/11/msg00019.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WUK4UCOB5FJVK36E22IRLEYGKMUWGBG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELTOHZBPO6XVUVADP4DPZBNQCPTYOQBV/
https://security.gentoo.org/glsa/202011-15
Third Party Advisory
https://github.com/maxmind/libmaxminddb/compare/1.4.2...1.4.3
Patch
Third Party Advisory
https://github.com/maxmind/libmaxminddb/issues/236
Exploit
Patch
Third Party Advisory
https://github.com/maxmind/libmaxminddb/pull/237
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/11/msg00019.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WUK4UCOB5FJVK36E22IRLEYGKMUWGBG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELTOHZBPO6XVUVADP4DPZBNQCPTYOQBV/
https://security.gentoo.org/glsa/202011-15
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:maxmind:libmaxminddb:*:*:*:*:*:*:*:*

Версия до 1.4.3 (исключая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

EPSS

Процентиль: 43%

0.00209

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2020-28241

CVSS3: 6.5

ubuntu

почти 5 лет назад

libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.

CVE-2020-28241

CVSS3: 6.5

redhat

около 5 лет назад

libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.

CVE-2020-28241

CVSS3: 6.5

debian

почти 5 лет назад

libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_en ...

RLSA-2024:0768

rocky

больше 1 года назад

Moderate: libmaxminddb security update

GHSA-8h2q-prr9-7wh9

github

около 3 лет назад

libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.

EPSS

Процентиль: 43%

0.00209

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125