Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.5
CVSSv3

CVE-2020-17361

Published: 12/08/2020 Updated: 11/04/2024
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Avian

Vulnerability Summary

An issue exists in ReadyTalk Avian 1.2.0. The vm::arrayCopy method defined in classpath-common.h returns silently when a negative length is provided (instead of throwing an exception). This could result in data being lost during the copy, with varying consequences depending on the subsequent use of the destination buffer. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

readytalk avian 1.2.0

Exploits

Exploit DB: Noise-Java AESGCMFallbackCipherState.encryptWithAd() Insufficient Boundary Checks
Noise-Java suffers from an issue located in the AESGCMFallbackCipherStateencryptWithAd() method defined in AESGCMFallbackCipherStatejava, where multiple boundary checks are performed to prevent invalid length or offsets from being specified for the encrypt or copy operation However, some checks were found to be either incomplete or missing ...
Exploit DB: Avian JVM 1.2.0 Silent Return
Avian JVM version 120 suffers from a silent return issue in the vm::arrayCopy method defined in classpath-commonh, where multiple boundary checks are performed to prevent out-of-bounds memory read/write One of these boundary checks makes the code return silently when a negative length is provided instead of throwing an exception ...
Exploit DB: Noise-Java AESGCMOnCtrCipherState.encryptWithAd() Insufficient Boundary Checks
Noise-Java suffers from an issue located in the AESGCMOnCtrCipherStateencryptWithAd() method defined in AESGCMOnCtrCipherStatejava, where multiple boundary checks are performed to prevent invalid length or offsets from being specified for the encrypt or copy operation However, some checks were found to be either incomplete or missing ...
Exploit DB: Noise-Java ChaChaPolyCipherState.encryptWithAd() Insufficient Boundary Checks
Noise-Java suffers from an issue located in the ChaChaPolyCipherStateencryptWithAd() method defined in ChaChaPolyCipherStatejava, where multiple boundary checks are performed to prevent invalid length or offsets from being specified for the encrypt or copy operation However, some checks were found to be either incomplete or missing ...

Mailing Lists

Full Disclosure: Avian JVM vm::arrayCopy() silent return on negative length
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Avian JVM vm::arrayCopy() silent return on negative length <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From ...
Full Disclosure: Noise-Java AESGCMOnCtrCipherState.encryptWithAd() insufficient boundary checks
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Noise-Java AESGCMOnCtrCipherStateencryptWithAd() insufficient boundary checks <!--X-Subject-Header-End--> <!--X-Head- ...

References

CWE-755https://github.com/ReadyTalk/avian/issueshttp://seclists.org/fulldisclosure/2020/Aug/10http://seclists.org/fulldisclosure/2020/Sep/11http://seclists.org/fulldisclosure/2020/Sep/14http://seclists.org/fulldisclosure/2020/Sep/13https://nvd.nist.govhttp://seclists.org/fulldisclosure/2020/Aug/10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693CVE-2024-30851CVE-2024-34460CVE-2024-2887localCVE-2024-27956remote code executionCVE-2024-34475privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook