CVE-2020-36148: NULL Pointer Dereference in Libmysofa

Severity
6.5 MEDIUM (NVD)
EPSS
0.3%
top 47.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 8
Latest update: May 24

Description

Incorrect handling of input data in the verifyAttribute function in the libmysofa library 0.5 - 1.1 leads to a NULL pointer dereference and a segmentation fault where memory protection is restrictive, or to a near-NULL pointer overwrite where there are no memory restrictions (e.g. in embedded environments).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (3 packages)

debian: debian/libmysofa, < libmysofa 1.2~dfsg0-1 (bookworm)
Debian: symonics/libmysofa, < 1.2~dfsg0-1+3
NVD: symonics/libmysofa, 0.5 - 1.1

Also affects: Fedora 32

Vulnerability Details (2)

GHSA (2022-05-24)
GHSA-2r9h-7mx9-fq3w: Incorrect handling of input data in verifyAttribute function in the libmysofa library 0
OSV (2021-02-08)
CVE-2020-36148: Incorrect handling of input data in verifyAttribute function in the libmysofa library 0

Vendor Advisories (1)

Debian (2020)
CVE-2020-36148: libmysofa - Incorrect handling of input data in verifyAttribute function in the libmysofa li...
CVE-2020-36148 — NULL Pointer Dereference in Libmysofa | cvebase