CVE-2020-14315

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-14315
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14315.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-14315
Downstream
Published
2020-09-16T14:15:12Z
Modified
2025-01-14T08:22:00.900047Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3. Insufficient checks when handling external inputs allows an attacker to bypass the sanity checks in place and write out of a dynamically allocated buffer boundaries.

References

Affected packages

Debian:11 / bsdiff

Package

Name
bsdiff
Purl
pkg:deb/debian/bsdiff?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3-22

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / bsdiff

Package

Name
bsdiff
Purl
pkg:deb/debian/bsdiff?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3-22

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / bsdiff

Package

Name
bsdiff
Purl
pkg:deb/debian/bsdiff?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3-22

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/mendsley/bsdiff

Affected ranges

Type
GIT
Repo
https://github.com/mendsley/bsdiff
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ce07a29894acd74c52b975a42c02f11d9483566a

Affected versions

v4.*

v4.3
v4.3-endsley