Lucene search

Veracode Vulnerability DatabaseVERACODE:44988

HistoryJan 09, 2024 - 7:53 a.m.

Stack Based Buffer Overflow

2024-01-0907:53:33

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

stack based buffer overflow

software

denial of service

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.3%

JSON

gpac/gpac is vulnerable to SBuffer Overflow. The vulnerability is caused due to missing checks for the lineSize within the *gf_text_get_utf8_line function. This can potentially lead to a Denial of Service (DoS) attack.

CPENameOperatorVersion
libgpac.sole10.1.0
libgpac.sole10.1.0

CPE	Name	Operator	Version
	libgpac.so	le	10.1.0
	libgpac.so	le	10.1.0

References

github.com/gpac/gpac/commit/d0ced41651b279bb054eb6390751e2d4eb84819a

huntr.com/bounties/4c027b94-8e9c-4c31-a169-893b25047769

huntr.com/bounties/4c027b94-8e9c-4c31-a169-893b25047769/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.3%

JSON

Related for VERACODE:44988