CVE-2020-4068 - OpenCVE

In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is likely to result in a heap buffer overflow. This has been fixed in 1.0.1.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Apnswift Project	Apnswift

Configuration 1 [-]

cpe:2.3:a:apnswift_project:apnswift:1.0.0:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/kylebrowning/APNSwift/commit/97fa7f69dcdd89168fff84e0ba8f999881ee3d3f	Patch
https://github.com/kylebrowning/APNSwift/issues/31	Issue Tracking
https://github.com/kylebrowning/APNSwift/pull/32	Issue Tracking
https://github.com/kylebrowning/APNSwift/security/advisories/GHSA-qh2w-vjxg-mjcg	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2020-06-22T15:30:17

Updated: 2020-06-22T15:30:17

Reserved: 2019-12-30T00:00:00

Link: CVE-2020-4068

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-06-22T16:15:11.870

Modified: 2020-06-30T14:22:19.767

Link: CVE-2020-4068

JSON object: View

Redhat Information

No data.

CWE

CWE-122

{"containers": {"cna": {"affected": [{"product": "APNSwift", "vendor": "kylebrowning", "versions": [{"status": "affected", "version": "= 1.0.0"}]}], "descriptions": [{"lang": "en", "value": "In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is likely to result in a heap buffer overflow. This has been fixed in 1.0.1."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-06-22T15:30:17", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/kylebrowning/APNSwift/security/advisories/GHSA-qh2w-vjxg-mjcg"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/kylebrowning/APNSwift/issues/31"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/kylebrowning/APNSwift/pull/32"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/kylebrowning/APNSwift/commit/97fa7f69dcdd89168fff84e0ba8f999881ee3d3f"}], "source": {"advisory": "GHSA-qh2w-vjxg-mjcg", "discovery": "UNKNOWN"}, "title": "Heap-based Buffer Overflow in APNSwift", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-4068", "STATE": "PUBLIC", "TITLE": "Heap-based Buffer Overflow in APNSwift"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "APNSwift", "version": {"version_data": [{"version_value": "= 1.0.0"}]}}]}, "vendor_name": "kylebrowning"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is likely to result in a heap buffer overflow. This has been fixed in 1.0.1."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-122: Heap-based Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://github.com/kylebrowning/APNSwift/security/advisories/GHSA-qh2w-vjxg-mjcg", "refsource": "CONFIRM", "url": "https://github.com/kylebrowning/APNSwift/security/advisories/GHSA-qh2w-vjxg-mjcg"}, {"name": "https://github.com/kylebrowning/APNSwift/issues/31", "refsource": "MISC", "url": "https://github.com/kylebrowning/APNSwift/issues/31"}, {"name": "https://github.com/kylebrowning/APNSwift/pull/32", "refsource": "MISC", "url": "https://github.com/kylebrowning/APNSwift/pull/32"}, {"name": "https://github.com/kylebrowning/APNSwift/commit/97fa7f69dcdd89168fff84e0ba8f999881ee3d3f", "refsource": "MISC", "url": "https://github.com/kylebrowning/APNSwift/commit/97fa7f69dcdd89168fff84e0ba8f999881ee3d3f"}]}, "source": {"advisory": "GHSA-qh2w-vjxg-mjcg", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-4068", "datePublished": "2020-06-22T15:30:17", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2020-06-22T15:30:17", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apnswift_project:apnswift:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "15C15C89-986E-4A2C-AB33-92A3C5417759", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is likely to result in a heap buffer overflow. This has been fixed in 1.0.1."}, {"lang": "es", "value": "En APNSwift versi\u00f3n 1.0.0, llamando a APNSwiftSigner.sign(digest:) es probable que resulte en un desbordamiento del b\u00fafer de la pila. Esto se ha corregido en la versi\u00f3n 1.0.1"}], "id": "CVE-2020-4068", "lastModified": "2020-06-30T14:22:19.767", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2020-06-22T16:15:11.870", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/kylebrowning/APNSwift/commit/97fa7f69dcdd89168fff84e0ba8f999881ee3d3f"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://github.com/kylebrowning/APNSwift/issues/31"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://github.com/kylebrowning/APNSwift/pull/32"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/kylebrowning/APNSwift/security/advisories/GHSA-qh2w-vjxg-mjcg"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "security-advisories@github.com", "type": "Primary"}]}