CVE-2020-24753

Published: Sep 17, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A memory corruption vulnerability in Objective Open CBOR Run-time (oocborrt) in versions before 2020-08-12 could allow an attacker to execute code via crafted Concise Binary Object Representation (CBOR) input to the cbor2json decoder. An uncaught error while decoding CBOR Major Type 3 text strings leads to the use of an attacker-controllable uninitialized stack value. This can be used to modify memory, causing a crash or potentially exploitable heap corruption.

Affected (1)

Products: Objective Open Cbor Run Time Project: Objective Open Cbor Run Time

Objective Open Cbor Run Time Project

1 product

Objective Open Cbor Run Time

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Objective Open Cbor Run Time Project Objective Open Cbor Run Time	Before 2020-08-12

Related CWEs

Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

References (4)

https://github.com/objsys/oocborrt/commit/539851c66778f68a244633985f6f8d0df94ea3b3

Source: cve@mitre.org

PatchThird Party Advisory

https://warcollar.com/cve-2020-24753.html

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/objsys/oocborrt/commit/539851c66778f68a244633985f6f8d0df94ea3b3

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://warcollar.com/cve-2020-24753.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.