Lucene search

KrcertCVELIST:CVE-2020-7845

HistoryDec 27, 2020 - 1:26 a.m.

CVE-2020-7845 Jiransecurity Spamsniper Stack-based Buffer Overflow Vulnerability

2020-12-2701:26:36

CWE-121

krcert

www.cve.org

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.014 Low

EPSS

Percentile

86.5%

JSON

Spamsniper 5.0 ~ 5.2.7 contain a stack-based buffer overflow vulnerability caused by improper boundary checks when parsing MAIL FROM command. It leads remote attacker to execute arbitrary code via crafted packet.

CNA Affected

[
  {
    "product": "Spamsniper",
    "vendor": "Jiransecurity",
    "versions": [
      {
        "lessThanOrEqual": "5.7.8 revision 5500",
        "status": "affected",
        "version": "5.2.7",
        "versionType": "custom"
      }
    ]
  }
]

References

www.jiransecurity.com/

www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35855

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.014 Low

EPSS

Percentile

86.5%

JSON

Related for CVELIST:CVE-2020-7845