Lucene search

Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-9EC49789F0A08C9CC3C874FEA45FEC51

HistoryMar 30, 2020 - 12:00 a.m.

Improper Restriction of Operations within the Bounds of a Memory Buffer

2020-03-3000:00:00

https://gitlab.com/gitlab-org/security-products/gemnasium-db

gitlab.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

47.4%

JSON

An issue was discovered in USC iLab cereal. Serialization of an (initialized) C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information (such as memory layout or private keys) can be gleaned if the archive is distributed outside a trusted context.

Affected configurations

Vulners

Node

conancerealRange≤1.3.0

VendorProductVersionCPE
conancereal*cpe:2.3:a:conan:cereal:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
conan	cereal	*	cpe:2.3:a:conan:cereal::::::::

References

nvd.nist.gov/vuln/detail/CVE-2020-11104

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

47.4%

JSON

Related for GITLAB-9EC49789F0A08C9CC3C874FEA45FEC51