Vulnerability Description
An issue was discovered in ReadyTalk Avian 1.2.0. The vm::arrayCopy method defined in classpath-common.h returns silently when a negative length is provided (instead of throwing an exception). This could result in data being lost during the copy, with varying consequences depending on the subsequent use of the destination buffer. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
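The silent-return pattern described above next to a checked version, as an added C++ example that is not Avian's source. `Buf`, `copySilent`, `copyChecked` and `reportsError` are hypothetical names, and a `std::vector<int32_t>` stands in for a VM array.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <stdexcept>
#include <vector>

using Buf = std::vector<int32_t>;  // stand-in for a VM int[] (assumption)

// 64-bit arithmetic so off + n cannot wrap for any int32_t inputs.
static bool inBounds(const Buf& a, int32_t off, int64_t n) {
  return off >= 0 && off + n <= static_cast<int64_t>(a.size());
}

// Models the reported behaviour: a negative length is handled like a
// zero-length copy, so the caller gets no signal that nothing was copied.
void copySilent(const Buf& src, int32_t srcOff, Buf& dst, int32_t dstOff, int32_t len) {
  if (len <= 0) return;  // defect: len < 0 is indistinguishable from len == 0
  if (!inBounds(src, srcOff, len) || !inBounds(dst, dstOff, len))
    throw std::out_of_range("array index out of bounds");
  std::memmove(dst.data() + dstOff, src.data() + srcOff, len * sizeof(int32_t));
}

// Hardened form: a negative length is an error, matching the
// IndexOutOfBoundsException that java.lang.System.arraycopy specifies.
void copyChecked(const Buf& src, int32_t srcOff, Buf& dst, int32_t dstOff, int32_t len) {
  if (len < 0 || !inBounds(src, srcOff, len) || !inBounds(dst, dstOff, len))
    throw std::out_of_range("array index out of bounds");
  if (len == 0) return;  // genuine no-op
  std::memmove(dst.data() + dstOff, src.data() + srcOff, len * sizeof(int32_t));
}

// Runs one copy from a constructed source {1,2,3,4} into dst at offset 0 and
// returns true if the copy routine reported an error to its caller.
template <typename Copy>
bool reportsError(Copy copy, Buf& dst, int32_t len) {
  const Buf src = {1, 2, 3, 4};  // constructed sample data
  try { copy(src, 0, dst, 0, len); } catch (const std::out_of_range&) { return true; }
  return false;
}

int main() {
  Buf stale = {9, 9, 9, 9};  // previous contents the caller expects to overwrite
  std::printf("silent:  error=%d dst[0]=%d\n", reportsError(copySilent, stale, -1), stale[0]);
  std::printf("checked: error=%d dst[0]=%d\n", reportsError(copyChecked, stale, -1), stale[0]);
  return 0;
}
```

With the silent variant the caller continues with the destination's old contents and no error; the checked variant leaves the buffer untouched as well but forces the caller to handle the failure.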
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Readytalk | Avian | 1.2.0 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2020/Aug/10 (Exploit, Mailing List, Third Party Advisory)
- http://seclists.org/fulldisclosure/2020/Sep/11 (Mailing List, Third Party Advisory)
- http://seclists.org/fulldisclosure/2020/Sep/13 (Mailing List, Third Party Advisory)
- http://seclists.org/fulldisclosure/2020/Sep/14 (Mailing List, Third Party Advisory)
- https://github.com/ReadyTalk/avian/issues (Third Party Advisory)
FAQ
What is CVE-2020-17361?
CVE-2020-17361 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An issue was discovered in ReadyTalk Avian 1.2.0. The vm::arrayCopy method defined in classpath-common.h returns silently when a negative length is provided (instead of throwing an exception). This co...
How severe is CVE-2020-17361?
CVE-2020-17361 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-17361?
Check the references section above for vendor advisories and patch information. Affected products include: Readytalk Avian.