CVE-2020-36148
6.5
MEDIUM
CVSS 3.1
EPSS 0.29%
Description
Incorrect handling of input data in the verifyAttribute function in the libmysofa library 0.5 - 1.1 leads to a NULL pointer dereference and a segmentation fault where memory protection is restrictive, or to a near-NULL pointer overwrite where there are no memory restrictions (e.g. in embedded environments).
How to fix CVE-2020-36148
To remediate CVE-2020-36148, upgrade the affected package to a fixed version below.
- Debian/libmysofa: upgrade to 1.2~dfsg0-1 or later
Is CVE-2020-36148 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/libmysofa: from 0, < 1.2~dfsg0-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |