Vulnerability Details CVE-2020-28241
libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.5%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
- https://github.com/maxmind/libmaxminddb/compare/1.4.2...1.4.3
- https://github.com/maxmind/libmaxminddb/issues/236
- https://github.com/maxmind/libmaxminddb/pull/237
- https://lists.debian.org/debian-lts-announce/2020/11/msg00019.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WUK4UCOB5FJVK36E22IRLEYGKMUWGBG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELTOHZBPO6XVUVADP4DPZBNQCPTYOQBV/
- https://security.gentoo.org/glsa/202011-15
- https://github.com/maxmind/libmaxminddb/compare/1.4.2...1.4.3
- https://github.com/maxmind/libmaxminddb/issues/236
- https://github.com/maxmind/libmaxminddb/pull/237
- https://lists.debian.org/debian-lts-announce/2020/11/msg00019.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WUK4UCOB5FJVK36E22IRLEYGKMUWGBG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELTOHZBPO6XVUVADP4DPZBNQCPTYOQBV/
- https://security.gentoo.org/glsa/202011-15
Products affected by CVE-2020-28241
-
cpe:2.3:a:maxmind:libmaxminddb:-
-
cpe:2.3:a:maxmind:libmaxminddb:0.5.1
-
cpe:2.3:a:maxmind:libmaxminddb:0.5.2
-
cpe:2.3:a:maxmind:libmaxminddb:0.5.3
-
cpe:2.3:a:maxmind:libmaxminddb:0.5.4
-
cpe:2.3:a:maxmind:libmaxminddb:0.5.5
-
cpe:2.3:a:maxmind:libmaxminddb:0.5.6
-
cpe:2.3:a:maxmind:libmaxminddb:1.0.0
-
cpe:2.3:a:maxmind:libmaxminddb:1.0.1
-
cpe:2.3:a:maxmind:libmaxminddb:1.0.2
-
cpe:2.3:a:maxmind:libmaxminddb:1.0.3
-
cpe:2.3:a:maxmind:libmaxminddb:1.0.4
-
cpe:2.3:a:maxmind:libmaxminddb:1.1.0
-
cpe:2.3:a:maxmind:libmaxminddb:1.1.1
-
cpe:2.3:a:maxmind:libmaxminddb:1.1.2
-
cpe:2.3:a:maxmind:libmaxminddb:1.1.3
-
cpe:2.3:a:maxmind:libmaxminddb:1.1.4
-
cpe:2.3:a:maxmind:libmaxminddb:1.1.5
-
cpe:2.3:a:maxmind:libmaxminddb:1.2.0
-
cpe:2.3:a:maxmind:libmaxminddb:1.2.1
-
cpe:2.3:a:maxmind:libmaxminddb:1.3.0
-
cpe:2.3:a:maxmind:libmaxminddb:1.3.1
-
cpe:2.3:a:maxmind:libmaxminddb:1.3.2
-
cpe:2.3:a:maxmind:libmaxminddb:1.4.0
-
cpe:2.3:a:maxmind:libmaxminddb:1.4.1
-
cpe:2.3:a:maxmind:libmaxminddb:1.4.2
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:fedoraproject:fedora:32
-
cpe:2.3:o:fedoraproject:fedora:33