Vulnerability Description
libmysofa before 2019-11-24 does not properly restrict recursive function calls, as demonstrated by reports of stack consumption in readOHDRHeaderMessageDatatype in dataobject.c and directblockRead in fractalhead.c. NOTE: a download of v0.9 after 2019-12-06 should fully remediate this issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symonics | Libmysofa | < 0.9 |
Related Weaknesses (CWE)
References
- https://github.com/hoene/libmysofa/commit/2e6fac6ab6156dae8e8c6f417741388084b70d (Patch, Third Party Advisory)
- https://github.com/hoene/libmysofa/issues/83 (Exploit, Third Party Advisory)
- https://github.com/hoene/libmysofa/issues/84 (Exploit, Third Party Advisory)
FAQ
What is CVE-2019-20016?
CVE-2019-20016 is a vulnerability with a CVSS score of 6.5 (MEDIUM). libmysofa before 2019-11-24 does not properly restrict recursive function calls, as demonstrated by reports of stack consumption in readOHDRHeaderMessageDatatype in dataobject.c and directblockRead in...
How severe is CVE-2019-20016?
CVE-2019-20016 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-20016?
Check the references section above for vendor advisories and patch information. Affected products include: Symonics Libmysofa.