CVE-2020-36152: Classic Buffer Overflow in Libmysofa

Severity: 8.8 HIGH (NVD)
EPSS: 1.4% (top 19.19%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 8 | Latest update May 24

Description

Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 - 1.1 allows attackers to execute arbitrary code via a crafted SOFA.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (3 packages)

Source | Package | Affected versions
Debian | symonics/libmysofa | < 1.2~dfsg0-1+3
NVD | symonics/libmysofa | 0.5 - 1.1
debian | debian/libmysofa | < libmysofa 1.2~dfsg0-1 (bookworm)

Also affects: Fedora 32

Patches

Vulnerability Details (2)

GHSA | GHSA-rcr6-jvpg-rgxq: Buffer overflow in readDataVar in hdf/dataobject | 2022-05-24
OSV | CVE-2020-36152: Buffer overflow in readDataVar in hdf/dataobject | 2021-02-08

Vendor Advisories (1)

Debian | CVE-2020-36152: libmysofa - Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 - 1... | 2020