SB2020072422 - Multiple vulnerabilities in freewvs
Published: July 24, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Resource exhaustion (CVE-ID: CVE-2020-15100)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote authenticated attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
2) Resource exhaustion (CVE-ID: CVE-2020-15101)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources because of Python's recursion limit and "os.walk()". A remote authenticated attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://github.com/schokokeksorg/freewvs/commit/18bbf2043e53f69e0119d24f8ae4edb274afb9b2
- https://github.com/schokokeksorg/freewvs/security/advisories/GHSA-9cfv-9463-8gqv
- https://github.com/schokokeksorg/freewvs/commit/83a6b55c0435c69f447488b791555e6078803143
- https://github.com/schokokeksorg/freewvs/security/advisories/GHSA-7pmh-vrww-25xx