Lucene search

GitHub_MCVELIST:CVE-2020-15101

HistoryJul 14, 2020 - 9:35 p.m.

CVE-2020-15101 Nested directory structure can lead to Uncontrolled Resource Consumption in freewvs

2020-07-1421:35:12

CWE-400

GitHub_M

www.cve.org

2.8 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

3.9 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

JSON

In freewvs before 0.1.1, a directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python’s recursion limit and os.walk(). This can be problematic in a case where an administrator scans the dirs of potentially untrusted users. This has been patched in 0.1.1.

CNA Affected

[
  {
    "product": "freewvs",
    "vendor": "schokokeksorg",
    "versions": [
      {
        "status": "affected",
        "version": "< 0.1.1"
      }
    ]
  }
]

References

github.com/schokokeksorg/freewvs/commit/83a6b55c0435c69f447488b791555e6078803143

github.com/schokokeksorg/freewvs/security/advisories/GHSA-7pmh-vrww-25xx

2.8 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

3.9 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2020-15101