2 matches found
CVE-2020-9331
CVE-2020-9331 affects CryptoPro CSP up to version 5.0.0.10004 on 32-bit platforms. The root cause is mishandling of user-mode input during process creation, enabling a local attacker with SeChangeNotifyPrivilege to write arbitrary data to the kernel address space, resulting in Local Privilege Esc...
CVE-2020-9361
CryptoPro CSP (Windows/Linux) v5.0.0.10004 and earlier on 64-bit platforms is affected by a denial-of-service vulnerability. The issue originates from how user-mode input is processed during process creation, allowing a local user with SeChangeNotifyPrivilege to trigger a crash or service disrupt...