Vulnerability Description
A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3. Insufficient checks when handling external inputs allows an attacker to bypass the sanity checks in place and write out of a dynamically allocated buffer boundaries.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Daemonology | Bsdiff | 4.3 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1856747Issue TrackingThird Party Advisory
- https://www.openwall.com/lists/oss-security/2020/07/09/2Mailing ListThird Party Advisory
- https://www.x41-dsec.de/lab/advisories/x41-2020-006-bspatch/ExploitThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1856747Issue TrackingThird Party Advisory
- https://www.openwall.com/lists/oss-security/2020/07/09/2Mailing ListThird Party Advisory
- https://www.x41-dsec.de/lab/advisories/x41-2020-006-bspatch/ExploitThird Party Advisory
FAQ
What is CVE-2020-14315?
CVE-2020-14315 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3. Insufficient checks when handling external inputs allows an attacker to bypass the sani...
How severe is CVE-2020-14315?
CVE-2020-14315 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-14315?
Check the references section above for vendor advisories and patch information. Affected products include: Daemonology Bsdiff.