CVE-2020-37109

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions aSc TimeTables version 2020.11.4

Description The application can be crashed, leading to a denial of service, by overwriting the Subject title field with a large buffer. An attacker can generate a 1000-character buffer and paste it into the Subject title to trigger an application crash and potential instability. The vulnerable field is the Subject title.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

CVE-2020-37109

Affected Products

Asc Timetables

CVE-2020-37109

Weakness Enumeration

Related Identifiers

Affected Products

References · 6