4 matches found
iospytools (>=1.0.4 <=1.0.6), pyupdater (>=2.0.3 <=3.1.1) potentially affected by CVE-2020-15904 via bsdiff4 (>=1.1.4 <=1.1.9)
bsdiff4 PYPI version =1.1.4, =1.0.4, =2.0.3, =3.1.1 Source cves: CVE-2020-15904 Source advisory: OSV:GHSA-F8M3-JPXR-HM5X...
CVE-2020-15904
A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory beyond allocated bounds via a crafted patch file...
iospytools (>=1.0.4 <=1.0.6), pyupdater (>=2.0.3 <=3.1.1) potentially affected by CVE-2020-15904 via bsdiff4 (>=1.1.4 <=1.1.9)
bsdiff4 PYPI version =1.1.4, =1.0.4, =2.0.3, =3.1.1 Source cves: CVE-2020-15904 Source advisory: OSV:PYSEC-2020-30...
CVE-2020-15904
The CVE-2020-15904 entry concerns bsdiff4 prior to 1.2.0, where a vulnerability in the patching routine allows a crafted patch file to cause a heap-memory write beyond allocated bounds. Affected component: bsdiff4 patching logic (before 1.2.0). Root cause: buffer/heap overflow during patch proces...