VDB
CVE-2020-36148
CVE-2020-36148
PUBLISHED
Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments).
EPSS 0.29% · 52.3th percentile
Risk Scores
EPSS Score
0.29%
52.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:20.04:LTS | libmysofa | 0.7~dfsg0-1, *, * |
| Ubuntu:22.04:LTS | libmysofa | 0 |
| Ubuntu:Pro:18.04:LTS | libmysofa | *, 0.6~dfsg0-3+deb10u1ubuntu0.1~esm1, 0.6~dfsg0-3+deb10u1build1 |
Exploit Intelligence
- https://github.com/hoene/libmysofa/issues/138 (nist-nvd)
- FEDORA-2021-4e40ccb5e6 (circl)
Timeline
- Feb 8, 2021 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-36148 third-party-advisory
- https://github.com/hoene/libmysofa/issues/138 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-36148 third-party-advisory