CVE-2020-36149
Published: 8 February 2021
Incorrect handling of input data in changeAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments).
Priority
Status
Package | Release | Status |
---|---|---|
libmysofa Launchpad, Ubuntu, Debian |
bionic |
Needed
|
focal |
Needed
|
|
groovy |
Ignored
(end of life)
|
|
hirsute |
Ignored
(end of life)
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Released
(1.2~dfsg0-1)
|
|
kinetic |
Not vulnerable
(1.2~dfsg0-1)
|
|
lunar |
Not vulnerable
(1.2~dfsg0-1)
|
|
mantic |
Not vulnerable
(1.2~dfsg0-1)
|
|
noble |
Not vulnerable
(1.2~dfsg0-1)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(1.2)
|
|
xenial |
Does not exist
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |