A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.
References
Link | Resource |
---|---|
https://hackerone.com/reports/966347 | Exploit Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/06/msg00028.html | Mailing List Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: hackerone
Published: 2020-08-30T13:43:55
Updated: 2021-07-01T02:06:10
Reserved: 2020-01-28T00:00:00
Link: CVE-2020-8244
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-08-30T15:15:12.167
Modified: 2022-05-24T17:31:33.843
Link: CVE-2020-8244
JSON object: View
Redhat Information
No data.