Lucene search

[email protected]CVE-2020-27828

HistoryDec 11, 2020 - 4:15 a.m.

CVE-2020-27828

2020-12-1104:15:11

CWE-20

[email protected]

web.nvd.nist.gov

214

cve-2020-27828

jasper

jpc encoder

out-of-bounds write

data confidentiality

data integrity

application availability

security vulnerability

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.9%

JSON

There’s a flaw in jasper’s jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.

Affected configurations

Vulners

NVD

Node

jasper_projectjasperRange≤2.0.23

VendorProductVersionCPE
jasper_projectjasper*cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
jasper_project	jasper	*	cpe:2.3:a:jasper_project:jasper::::::::

CNA Affected

[
  {
    "product": "jasper",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "prior to 2.0.23"
      }
    ]
  }
]