CVE-2020-0499

Published: 07 Dec 2020
Source: redhat
CVSS3: 4.3
EPSS: Low

Description

In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-156076070

Report

Red Hat Product Security has lowered the severity of this flaw to Low because while the initial report stated a threat of remote information disclosure, it does not appear to be a possibility in flac as shipped with Red Hat Enterprise Linux 8.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | flac | Out of support scope | | |
| Red Hat Enterprise Linux 7 | flac | Out of support scope | | |
| Red Hat Enterprise Linux 8 | flac | Fix deferred | | |
| Red Hat Enterprise Linux 9 | flac | Not affected | | |

Additional information

Status: Low
Weakness: CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1909806 flac: out-of-bounds read can lead to denial of service

EPSS

Percentile: 90%
0.05474
Low

CVSS3: 4.3 Medium

Related vulnerabilities

CVSS3: 4.3
ubuntu
about 5 years ago

In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-156076070

CVSS3: 4.3
nvd
about 5 years ago

In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-156076070

CVSS3: 4.3
debian
about 5 years ago

In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a p ...

suse-cvrf
about 5 years ago

Security update for flac

github
more than 3 years ago

In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-156076070
