Vulnerability Description
Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symonics | Libmysofa | >= 0.5, <= 1.1 |
| Fedoraproject | Fedora | 32 |
Related Weaknesses (CWE)
References
- https://github.com/hoene/libmysofa/issues/138ExploitThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://github.com/hoene/libmysofa/issues/138ExploitThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2020-36148?
CVE-2020-36148 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protect...
How severe is CVE-2020-36148?
CVE-2020-36148 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-36148?
Check the references section above for vendor advisories and patch information. Affected products include: Symonics Libmysofa, Fedoraproject Fedora.