Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2020-17360

Published: 12/08/2020 Updated: 11/04/2024
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Readytalk

Vulnerability Summary

An issue exists in ReadyTalk Avian 1.2.0. The vm::arrayCopy method defined in classpath-common.h contains multiple boundary checks that are performed to prevent out-of-bounds memory read/write. However, two of these boundary checks contain an integer overflow that leads to a bypass of these checks, and out-of-bounds read/write. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

readytalk avian 1.2.0

Exploits

Exploit DB: Avian JVM 1.2.0 Integer Overflow
Avian JVM version 120 suffers from multiple vm::arrayCopy() integer overflow vulnerabilities ...
Exploit DB: Noise-Java AESGCMFallbackCipherState.encryptWithAd() Insufficient Boundary Checks
Noise-Java suffers from an issue located in the AESGCMFallbackCipherStateencryptWithAd() method defined in AESGCMFallbackCipherStatejava, where multiple boundary checks are performed to prevent invalid length or offsets from being specified for the encrypt or copy operation However, some checks were found to be either incomplete or missing ...
Exploit DB: Noise-Java AESGCMOnCtrCipherState.encryptWithAd() Insufficient Boundary Checks
Noise-Java suffers from an issue located in the AESGCMOnCtrCipherStateencryptWithAd() method defined in AESGCMOnCtrCipherStatejava, where multiple boundary checks are performed to prevent invalid length or offsets from being specified for the encrypt or copy operation However, some checks were found to be either incomplete or missing ...
Exploit DB: Noise-Java ChaChaPolyCipherState.encryptWithAd() Insufficient Boundary Checks
Noise-Java suffers from an issue located in the ChaChaPolyCipherStateencryptWithAd() method defined in ChaChaPolyCipherStatejava, where multiple boundary checks are performed to prevent invalid length or offsets from being specified for the encrypt or copy operation However, some checks were found to be either incomplete or missing ...

Mailing Lists

Full Disclosure: Avian JVM vm::arrayCopy() Multiple Integer Overflows
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Avian JVM vm::arrayCopy() Multiple Integer Overflows <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Piet ...
Full Disclosure: Noise-Java AESGCMOnCtrCipherState.encryptWithAd() insufficient boundary checks
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Noise-Java AESGCMOnCtrCipherStateencryptWithAd() insufficient boundary checks <!--X-Subject-Header-End--> <!--X-Head- ...

References

CWE-125CWE-787CWE-190https://github.com/ReadyTalk/avian/issueshttp://seclists.org/fulldisclosure/2020/Aug/8http://seclists.org/fulldisclosure/2020/Sep/11http://seclists.org/fulldisclosure/2020/Sep/14http://seclists.org/fulldisclosure/2020/Sep/13https://nvd.nist.govhttp://seclists.org/fulldisclosure/2020/Aug/8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028memory leaklog injectionCVE-2024-3400CVE-2022-48695CVE-2022-48675CVE-2024-34487CVE-2024-33792spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook