Vulnerability Details CVE-2020-8896
A Buffer Overflow vulnerability in the khcrypt implementation in Google Earth Pro versions up to and including 7.3.2 allows an attacker to perform a Man-in-the-Middle attack using a specially crafted key to read data past the end of the buffer used to hold it. Mitigation: Update to Google Earth Pro 7.3.3.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.3%
CVSS Severity
CVSS v3 Score 4.2
CVSS v2 Score 4.3
References
Products affected by CVE-2020-8896
-
cpe:2.3:a:google:earth:5.0
-
cpe:2.3:a:google:earth:5.0.1
-
cpe:2.3:a:google:earth:5.1
-
cpe:2.3:a:google:earth:6.0.2
-
cpe:2.3:a:google:earth:6.1
-
cpe:2.3:a:google:earth:6.2
-
cpe:2.3:a:google:earth:7.0
-
cpe:2.3:a:google:earth:7.0.2
-
cpe:2.3:a:google:earth:7.0.3.8542
-
cpe:2.3:a:google:earth:7.1.1.1580
-
cpe:2.3:a:google:earth:7.1.1.1871
-
cpe:2.3:a:google:earth:7.1.1.1888
-
cpe:2.3:a:google:earth:7.1.2.2041
-
cpe:2.3:a:google:earth:7.1.4.1529
-
cpe:2.3:a:google:earth:7.1.5.1557
-
cpe:2.3:a:google:earth:7.1.7.2600
-
cpe:2.3:a:google:earth:7.1.7.2602
-
cpe:2.3:a:google:earth:7.1.7.2606
-
cpe:2.3:a:google:earth:7.1.8.3036
-
cpe:2.3:a:google:earth:7.3.0
-
cpe:2.3:a:google:earth:7.3.1
-
cpe:2.3:a:google:earth:7.3.2