CVE-2020-27678 — Classic Buffer Overflow in Illumos

CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.5%

top 35.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Illumos Joyent Smartos Omniosce Omnios

Timeline

PublishedOct 26

Latest updateMay 24

Description

An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022. There is a buffer overflow in parse_user_name in lib/libpam/pam_framework.c.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDjoyent/smartos< 20201022

▶NVDillumos/illumos< 2020-10-22

▶NVDomniosce/omniosr151034 — r151034y+2

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-q226-j4q4-9wc9: An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022↗2022-05-24

▶

CVEList

CVE-2020-27678: An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022↗2020-10-23

▶