Lucene search

[email protected]CVE-2020-6610

HistoryJan 08, 2020 - 9:15 p.m.

CVE-2020-6610

2020-01-0821:15:11

CWE-770

[email protected]

web.nvd.nist.gov

106

cve-2020-6610

gnu libredwg

memory allocation

vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

43.0%

JSON

GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.

Affected configurations

NVD

Node

gnulibredwgMatch0.9.3.2564

Node

opensusebackportsMatchsle-15sp1

opensuseleapMatch15.1

VendorProductVersionCPE
gnulibredwg0.9.3.2564cpe:/a:gnu:libredwg:0.9.3.2564:::

Vendor	Product	Version	CPE
gnu	libredwg	0.9.3.2564	cpe:/a:gnu:libredwg:0.9.3.2564:::

References

lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html

lists.opensuse.org/opensuse-security-announce/2020-01/msg00052.html

github.com/LibreDWG/libredwg/issues/179#issuecomment-570447120

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

43.0%

JSON

Related for CVE-2020-6610

prion1 cvelist1 osv1 nvd1 openvas1 nessus1 suse2