Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for bsdiff by daemonology
CVE-2020-14315 (GCVE-0-2020-14315)
Vulnerability from cvelistv5 – Published: 2020-09-16 13:31 – Updated: 2024-08-04 12:39
VLAI
Summary
A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3. Insufficient checks when handling external inputs allows an attacker to bypass the sanity checks in place and write out of a dynamically allocated buffer boundaries.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2020/… | x_refsource_MISC |
| https://www.x41-dsec.de/lab/advisories/x41-2020-0… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1856747 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/07/09/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2020-006-bspatch/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856747"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "bsdiff",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "bsdiff 4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability is present in bspatch as shipped in Colin Percival\u2019s bsdiff tools version 4.3. Insufficient checks when handling external inputs allows an attacker to bypass the sanity checks in place and write out of a dynamically allocated buffer boundaries."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-16T13:31:19.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/07/09/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2020-006-bspatch/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856747"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-14315",
"datePublished": "2020-09-16T13:31:19.000Z",
"dateReserved": "2020-06-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:39:36.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14315 (GCVE-0-2020-14315)
Vulnerability from nvd – Published: 2020-09-16 13:31 – Updated: 2024-08-04 12:39
VLAI
Summary
A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3. Insufficient checks when handling external inputs allows an attacker to bypass the sanity checks in place and write out of a dynamically allocated buffer boundaries.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2020/… | x_refsource_MISC |
| https://www.x41-dsec.de/lab/advisories/x41-2020-0… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1856747 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/07/09/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2020-006-bspatch/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856747"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "bsdiff",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "bsdiff 4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability is present in bspatch as shipped in Colin Percival\u2019s bsdiff tools version 4.3. Insufficient checks when handling external inputs allows an attacker to bypass the sanity checks in place and write out of a dynamically allocated buffer boundaries."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-16T13:31:19.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/07/09/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2020-006-bspatch/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856747"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-14315",
"datePublished": "2020-09-16T13:31:19.000Z",
"dateReserved": "2020-06-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:39:36.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}