Vulnerability Details CVE-2020-17360
An issue was discovered in ReadyTalk Avian 1.2.0. The vm::arrayCopy method defined in classpath-common.h contains multiple boundary checks that are performed to prevent out-of-bounds memory read/write. However, two of these boundary checks contain an integer overflow that leads to a bypass of these checks, and out-of-bounds read/write. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.6%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
- http://seclists.org/fulldisclosure/2020/Aug/8
- http://seclists.org/fulldisclosure/2020/Sep/11
- http://seclists.org/fulldisclosure/2020/Sep/13
- http://seclists.org/fulldisclosure/2020/Sep/14
- https://github.com/ReadyTalk/avian/issues
- http://seclists.org/fulldisclosure/2020/Aug/8
- http://seclists.org/fulldisclosure/2020/Sep/11
- http://seclists.org/fulldisclosure/2020/Sep/13
- http://seclists.org/fulldisclosure/2020/Sep/14
- https://github.com/ReadyTalk/avian/issues