History: Dec 16, 2020 - 4:09 p.m.

CVE-2020-7837

2020-12-16 16:09:34
CWE-121
krcert
www.cve.org
3
ml report program
stack-based buffer overflow
vsprintf
crafted web page
infraware ml report 2.19.312.0000

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 8.9
Confidence: High

EPSS: 0.005
Percentile: 77.3%

An issue was discovered in ML Report Program. There is a stack-based buffer overflow in function sub_41EAF0 in MLReportDeamon.exe. The function calls vsprintf without checking the length of the strings in attacker-supplied parameters, which leads to a stack-based buffer overflow when a crafted web page is accessed. This issue affects Infraware ML Report 2.19.312.0000.

CNA Affected

[
  {
    "product": "ML Report",
    "vendor": "Infraware",
    "versions": [
      {
        "status": "affected",
        "version": "2.19.312.0000"
      }
    ]
  }
]
