CVE-2020-8896

CWE-119 — Buffer Overflow CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

5.9MEDIUM

EPSS

0.1%

top 75.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Earth Google LLC Google Earth PRO

Timeline

PublishedMay 4

Latest updateMay 24

Description

A Buffer Overflow vulnerability in the khcrypt implementation in Google Earth Pro versions up to and including 7.3.2 allows an attacker to perform a Man-in-the-Middle attack using a specially crafted key to read data past the end of the buffer used to hold it. Mitigation: Update to Google Earth Pro 7.3.3.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:LExploitability: 1.6 | Impact: 2.5

Affected Packages2 packages

▶NVDgoogle/earth< 7.3.3

▶CVEListV5google_llc/google_earth_prostable — 7.3.2

🔴Vulnerability Details

GHSA

GHSA-33rh-fh49-758p: A Buffer Overflow vulnerability in the khcrypt implementation in Google Earth Pro versions up to and including 7↗2022-05-24

▶

CVEList

Buffer Overflow in Google Earth Pro↗2020-05-04

▶