CVE-2020-8230

Published: Aug 17, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections in for windows allowed to corrupt memory.

Affected (1)

Products: Nextcloud: Desktop

Nextcloud

1 product

Desktop

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nextcloud Desktop	Before 2.6.5

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (4)

https://hackerone.com/reports/380102

Source: support@hackerone.com

Issue TrackingPatchThird Party Advisory

https://nextcloud.com/security/advisory/?id=NC-SA-2020-035

Source: support@hackerone.com

Broken LinkVendor Advisory

https://hackerone.com/reports/380102

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://nextcloud.com/security/advisory/?id=NC-SA-2020-035

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkVendor Advisory

Timeline

No history available yet.