Lucene search

[email protected]NVD:CVE-2020-27819

HistoryFeb 23, 2021 - 4:15 a.m.

CVE-2020-27819

2021-02-2304:15:13

CWE-476

[email protected]

web.nvd.nist.gov

issue

libxls

denial of service

microsoft excel files

null pointer vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

30.2%

JSON

An issue was discovered in libxls before and including 1.6.1 when reading Microsoft Excel files. A NULL pointer dereference vulnerability exists when parsing XLS cells in libxls/xls2csv.c:199. It could allow a remote attacker to cause a denial of service via crafted XLS file.

Affected configurations

Nvd

Node

libxls_projectlibxlsRange<1.6.2

VendorProductVersionCPE
libxls_projectlibxls*cpe:2.3:a:libxls_project:libxls:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
libxls_project	libxls	*	cpe:2.3:a:libxls_project:libxls::::::::

References

bugzilla.redhat.com/show_bug.cgi?id=1903296

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

30.2%

JSON

Related for NVD:CVE-2020-27819

openvas3 nessus3 prion1 suse1 ubuntucve1 fedora2 debiancve1 cvelist1 cve1 osv1