Lucene search

K
githubGitHub Advisory DatabaseGHSA-PV36-H7JH-QM62
HistoryOct 27, 2020 - 7:47 p.m.

Heap buffer overflow in CefSharp

2020-10-2719:47:38
CWE-119
CWE-787
GitHub Advisory Database
github.com
59

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.026 Low

EPSS

Percentile

90.3%

Impact

A memory corruption bug(Heap overflow) in the FreeType font rendering library.

> This can be exploited by attackers to execute arbitrary code by using specially crafted fonts with embedded PNG images .

As per https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/

Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild.

Patches

Upgrade to 85.3.130 or higher

References

To review the CEF/Chromium patch see https://bitbucket.org/chromiumembedded/cef/commits/cd6cbe008b127990036945fb75e7c2c1594ab10d

Affected configurations

Vulners
Node
github_advisory_databasecefsharp.wpf.hwndhostRange<85.3.130
OR
github_advisory_databasecefsharp.winformsRange<85.3.130
OR
github_advisory_databasecefsharp.wpfRange<85.3.130
OR
github_advisory_databasecefsharp.commonRange<85.3.130

References

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.026 Low

EPSS

Percentile

90.3%