CVE-2019-20367

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions libbsd versions prior to 0.10.0

Description The issue is related to an out-of-bounds read in the nlist.c file of the libbsd library. This occurs during a comparison for a symbol name from the string table (strtab). The exploitation of this issue may allow a remote attacker to access confidential data and cause a denial of service.

Recommendations For libbsd versions prior to 0.10.0, update to version 0.10.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data handled by the libbsd library until the update is applied.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2020-2720

ALT-PU-2023-1981

BDU:2021-03611

CVE-2019-20367

DLA-2566-1

MGASA-2020-0061

OPENSUSE-SU-2020:0679-1

OPENSUSE-SU-2020_0679-1

SUSE-SU-2020:1298-1

SUSE-SU-2020_1298-1

USN-4243-1

Affected Products

Alt Linux

Astra Linux

Suse

Ubuntu

Libbsd

CVE-2019-20367

Weakness Enumeration

Related Identifiers

Affected Products

References · 39