Lucene search

[email protected]NVD:CVE-2020-24827

HistoryAug 04, 2021 - 3:15 p.m.

CVE-2020-24827

2021-08-0415:15:08

[email protected]

web.nvd.nist.gov

vulnerability

libelfin v0.3

denial of service

crafted elf file

segmentation fault

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

25.9%

JSON

A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file.

Affected configurations

Nvd

Node

libelfin_projectlibelfinMatch0.3

VendorProductVersionCPE
libelfin_projectlibelfin0.3cpe:2.3:a:libelfin_project:libelfin:0.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
libelfin_project	libelfin	0.3	cpe:2.3:a:libelfin_project:libelfin:0.3:::::::*

References

github.com/aclements/libelfin/issues/47

github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfcursorskip_form-at-dwarfcursorcc181

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

25.9%

JSON

Related for NVD:CVE-2020-24827

ubuntucve1 osv1 prion1 cvelist1 cve1 debiancve1 cnvd1