Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2020-14315

Published: 16/09/2020 Updated: 01/01/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3. Insufficient checks when handling external inputs allows an malicious user to bypass the sanity checks in place and write out of a dynamically allocated buffer boundaries.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

daemonology bsdiff 4.3

Vendor Advisories

Debian CVElist Bug Report Logs: bsdiff: CVE-2020-14315
Debian Bug report logs - #964796 bsdiff: CVE-2020-14315 Package: src:bsdiff; Maintainer for src:bsdiff is Jari Aalto <jariaalto@cantenet>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 10 Jul 2020 14:51:40 UTC Severity: important Tags: patch, security, upstream Found in version bsdiff/43-21 ...

Mailing Lists

Full Disclosure: X41 D-Sec GmbH Security Advisory X41-2020-006: Memory Corruption Vulnerability in bspatch
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 X41 D-SEC GmbH Security Advisory: X41-2020-006 Advisory X41-2020-006: Memory Corruption Vulnerability in bspatch ================================================================= Severity Rating: High Confirmed Affected Versions: Colin Percival's bsdiff 43 Confirmed Patched Versions: FreeBSD's bsd ...
Full Disclosure: X41 D-Sec GmbH Security Advisory X41-2020-006: Memory Corruption Vulnerability in bspatch
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> X41 D-Sec GmbH Security Advisory X41-2020-006: Memory Corruption Vulnerability in bspatch <!--X-Subject-Header-End--> <!--X-He ...

Github Repositories

https://github.com/petervas/bsdifflib

Portable binary diff/patch library based on the binary diff/patch utilities bsdiff/bspatch

Binary diff/patch library (bsdifflib/bspatchlib) 12 is based on the original binary diff/patch utility (bsdiff/bspatch) by Colin Percival and the Win32 port by Andreas John Binary diff/patch library adds an API to make it usable as a cross-platform C/C++ library This library generates patches that are compatible with the original bsdiff tool The patch routine now works on m

https://github.com/VGtalion/bsdiff

Binary diff/patch utility

bsdiff 431 This is based on the source code of bsdiff 43 (and bspatch 43), from daemonology : wwwdaemonologynet/bsdiff/ The folloowing debian patches have been applyed : 10-no-bsd-makepatch 20-CVE-2014-9862patch 30-bug-632585-mmap-src-file-instead-of-malloc-read-itpatch 31-bug-632585-mmap-dst-file-instead-of-malloc-read-itpatch 32-bug-632585-use-int32_t-inste

References

CWE-787https://bugzilla.redhat.com/show_bug.cgi?id=1856747https://www.openwall.com/lists/oss-security/2020/07/09/2https://www.x41-dsec.de/lab/advisories/x41-2020-006-bspatch/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964796https://nvd.nist.govhttps://github.com/petervas/bsdifflib
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypassCVE-2024-30043cameraCVE-2023-40404CVE-2024-2793client sideCVE-2024-4469CVE-2024-3565CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook