Main Vulnerability Database Vulnerabilities #VU30496

Out-of-bounds write in libmysofa - CVE-2019-20016

Published: December 27, 2019 / Updated: July 17, 2020

Vulnerability identifier: #VU30496

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-20016

CWE-ID: CWE-787

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Christian Hoene

Affected software:
libmysofa

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

libmysofa before 2019-11-24 does not properly restrict recursive function calls, as demonstrated by reports of stack consumption in readOHDRHeaderMessageDatatype in dataobject.c and directblockRead in fractalhead.c. NOTE: a download of v0.9 after 2019-12-06 should fully remediate this issue.

How to mitigate CVE-2019-20016

Install update from vendor's website.

Out-of-bounds write in libmysofa - CVE-2019-20016

Detailed vulnerability description

How to mitigate CVE-2019-20016

Sources

Please verify you're human