CVE-2020-27678

Published: Oct 26, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022. There is a buffer overflow in parse_user_name in lib/libpam/pam_framework.c.

Affected (5)

Products: Illumos: Illumos · Joyent: Smartos · Omniosce: Omnios

1 product

1 product

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Illumos Illumos	Before 2020-10-22
Joyent Smartos	Before 20201022
Omniosce Omnios	From r151034 to r151034y
Omniosce Omnios	Before r151030by
Omniosce Omnios	From r151032 to r151032ay

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://github.com/illumos/illumos-gate/commit/1d276e0b382cf066dae93640746d8b4c54d15452

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/illumos/illumos-gate/commit/1d276e0b382cf066dae93640746d8b4c54d15452

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.