Bug 1856747 (CVE-2020-14315)
| Summary: | CVE-2020-14315 bsdiff: handling external inputs allows attacker to bypass sanity checks | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED UPSTREAM | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | jnovy, michel |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in bsdiff. Memory corruption is possible due to insufficient checks when handling external inputs allowing an attacker to bypass the sanity checks in place and write out of a dynamically allocated buffer boundaries. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-07-14 13:28:00 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1856748, 1856749 | ||
| Bug Blocks: | |||
|
Description
Dhananjay Arunesh
2020-07-14 11:24:09 UTC
Created bsdiff tracking bugs for this issue: Affects: epel-6 [bug 1856749] Affects: fedora-all [bug 1856748] This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products. |