CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
71.5%
Software: libmysofa 1.3.1
OS: ROSA-CHROME
package_evr_string: libmysofa-1.3.1-1.src.rpm
CVE-ID: CVE-2020-36148
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: Improper handling of input to theverifyAttribute function in the libmysofa 0.5-1.1 library will result in dereferencing a null pointer and a segmentation error in case of restrictive memory protection or overwriting a near-zero pointer in case of no memory restrictions (e.g., in embedded environments).
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update libmysofa
CVE-ID: CVE-2020-36149
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: Improper handling of input to thechangeAttribute function in the libmysofa 0.5-1.1 library will result in a null pointer dereference and segmentation error in the case of restrictive memory protection or a near-zero pointer overwrite in the case of no memory restrictions (e.g., in embedded environments).
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update libmysofa
CVE-ID: CVE-2020-36150
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: Incorrect handling of input to the volume function in the libmysofa 0.5 - 1.1 library will result in a heap buffer overflow and access to an unallocated memory block.
CVE-STATUS: Fixed
CVE-REV: To close, run command: sudo dnf update libmysofa
CVE-ID: CVE-2020-36151
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: Improper input processing in the mysofa_resampler_reset_mem function in the libmysofa 0.5 - 1.1 library will cause a heap buffer overflow and overwrite a large block of memory.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update libmysofa
CVE-ID: CVE-2020-36152
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5-1.1 allows attackers to execute arbitrary code through a crafted SOFA.
CVE-STATUS: Fixed
CVE-REV: To close, run command: sudo dnf update libmysofa
CVE-ID: CVE-2021-3756
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: libmysofa is vulnerable to heap-based buffer overflow
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update libmysofa
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
71.5%