CVE-2020-36149
CVSS 3.1: 6.5 MEDIUM | EPSS 0.29%
Description
Incorrect handling of input data in the changeAttribute function in the libmysofa library 0.5 - 1.1 leads to a NULL pointer dereference and segmentation fault when memory protection is restrictive, or to a near-NULL pointer overwrite when there are no memory restrictions (e.g. in embedded environments).
How to fix CVE-2020-36149
To remediate CVE-2020-36149, upgrade the affected package to the fixed version listed below.
- Debian/libmysofa: upgrade to 1.2~dfsg0-1 or later
Is CVE-2020-36149 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.2~dfsg0-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |