ALT-PU-2020-2720-1
Closed vulnerabilities
Published: 2020-01-08
BDU:2021-03611
Уязвимость библиотека для упрощение переноса проектов Libbsd, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании
Severity: CRITICAL (9.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
References:
Published: 2020-01-08
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-20367
nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).
Severity: CRITICAL (9.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
References:
- openSUSE-SU-2020:0679
- openSUSE-SU-2020:0679
- https://gitlab.freedesktop.org/libbsd/libbsd/commit/9d917aad37778a9f4a96ba358415f077f3f36f3b
- https://gitlab.freedesktop.org/libbsd/libbsd/commit/9d917aad37778a9f4a96ba358415f077f3f36f3b
- [tomee-dev] 20210401 Re: CVE-2019-20367 - TomEE not affected
- [tomee-dev] 20210401 Re: CVE-2019-20367 - TomEE not affected
- [tomee-dev] 20210401 CVE-2019-20367 - TomEE not affected
- [tomee-dev] 20210401 CVE-2019-20367 - TomEE not affected
- [debian-lts-announce] 20210218 [SECURITY] [DLA 2566-1] libbsd security update
- [debian-lts-announce] 20210218 [SECURITY] [DLA 2566-1] libbsd security update
- https://lists.freedesktop.org/archives/libbsd/2019-August/000229.html
- https://lists.freedesktop.org/archives/libbsd/2019-August/000229.html
- USN-4243-1
- USN-4243-1