Vulnerability Description
Incorrect handling of input data in changeAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symonics | Libmysofa | >= 0.5, <= 1.1 |
| Fedoraproject | Fedora | 32 |
Related Weaknesses (CWE)
References
- https://github.com/hoene/libmysofa/issues/137ExploitThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://github.com/hoene/libmysofa/issues/137ExploitThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2020-36149?
CVE-2020-36149 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Incorrect handling of input data in changeAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protect...
How severe is CVE-2020-36149?
CVE-2020-36149 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-36149?
Check the references section above for vendor advisories and patch information. Affected products include: Symonics Libmysofa, Fedoraproject Fedora.