Ubuntu.comUB:CVE-2020-8244CVE-2020-8244
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
0.001 Low
EPSS
Percentile
50.4%
A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and
<1.2.3 which could allow an attacker to supply user input (even typed) that
if it ends up in consume() argument and can become negative, the BufferList
state can be corrupted, tricking it into exposing uninitialized memory via
regular .slice() calls.
Bugs
References
github.com/rvagg/bl/commit/d3e240e3b8ba4048d3c76ef5fb9dd1f8872d3190
hackerone.com/reports/966347
launchpad.net/bugs/cve/CVE-2020-8244
nvd.nist.gov/vuln/detail/CVE-2020-8244
security-tracker.debian.org/tracker/CVE-2020-8244
ubuntu.com/security/notices/USN-5098-1
ubuntu.com/security/notices/USN-5159-1
www.cve.org/CVERecord?id=CVE-2020-8244
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
0.001 Low
EPSS
Percentile
50.4%