exploitDog

CVE-2020-36405

Опубликовано: 01 июл. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

Keystone Engine 0.9.2 has a use-after-free in llvm_ks::X86Operand::getToken.

Ссылки

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22850
Exploit
Issue Tracking
Patch
Third Party Advisory
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/keystone/OSV-2020-789.yaml
Technical Description
https://github.com/keystone-engine/keystone/releases
Release Notes
Third Party Advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22850
Exploit
Issue Tracking
Patch
Third Party Advisory
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/keystone/OSV-2020-789.yaml
Technical Description
https://github.com/keystone-engine/keystone/releases
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:keystone-engine:keystone_engine:0.9.2:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

EPSS

Процентиль: 60%

0.00401

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-416

Связанные уязвимости

GHSA-8qf3-hc2j-g9wq

github

больше 3 лет назад

Keystone Engine 0.9.2 has a use-after-free in llvm_ks::X86Operand::getToken.

EPSS

Процентиль: 60%

0.00401

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-416