U.S. Air Force Sensor Data Management System extract75 has a buffer overflow that leads to code execution. An overflow in a global variable (sBuffer) leads to a Write-What-Where outcome. Writing beyond sBuffer will clobber most global variables until reaching a pointer such as DES_info or image_info. By controlling that pointer, one achieves an arbitrary write when its fields are assigned. The data written is from a potentially untrusted NITF file in the form of an integer. The attacker can gain control of the instruction pointer.
References
Link | Resource |
---|---|
https://www.riverloopsecurity.com/blog/2020/09/nitf-extract75-cve-2020-13995/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-09-25T12:58:27
Updated: 2020-09-25T12:58:27
Reserved: 2020-06-09T00:00:00
Link: CVE-2020-13995
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-09-25T13:15:12.230
Modified: 2022-05-03T16:04:40.443
Link: CVE-2020-13995
JSON object: View
Redhat Information
No data.
CWE