Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-22219

Опубликовано: 22 авг. 2023
Источник: redhat
CVSS3: 7.8
EPSS Низкий

Описание

Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder.

A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder.

Отчет

This CVE marked as important as it can allow authenticated remote users to execute arbitrary code, or allow remote users to cause a denial of service. flac-1.3.0 in Red Hat Enterprise Linux 7 is not impacted. As it doesn't have the safe_realloc function, so not leaks memory.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6flacOut of support scope
Red Hat Enterprise Linux 7flacNot affected
Red Hat OpenShift Container Platform 4flacNot affected
Red Hat OpenShift Container Platform 4flatpak-runtime-containerNot affected
Red Hat OpenShift Container Platform 4flatpak-sdk-containerNot affected
Red Hat OpenShift Container Platform 4openshift4/network-tools-rhel8Not affected
Red Hat OpenStack Platform 17.0flacNot affected
Red Hat OpenStack Platform 17.0openstack-nova-libvirt-containerNot affected
Red Hat OpenStack Platform 17.1flacNot affected
Red Hat OpenStack Platform 17.1flatpak-runtime-containerNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-120
https://bugzilla.redhat.com/show_bug.cgi?id=2235489flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder

EPSS

Процентиль: 50%
0.00264
Низкий

7.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-22219

CVSS3: 7.8
ubuntu
около 2 лет назад

Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder.

nvd логотип

CVE-2020-22219

CVSS3: 7.8
nvd
около 2 лет назад

Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder.

debian логотип

CVE-2020-22219

CVSS3: 7.8
debian
около 2 лет назад

Buffer Overflow vulnerability in function bitwriter_grow_ in flac befo ...

suse-cvrf логотип

SUSE-SU-2023:3635-1

suse-cvrf
почти 2 года назад

Security update for flac

github логотип

GHSA-hvp4-qmrj-gvhf

CVSS3: 9.8
github
около 2 лет назад

Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder.

EPSS

Процентиль: 50%
0.00264
Низкий

7.8 High

CVSS3