CVE-2014-125026.json
{
"id": "CVE-2014-125026",
"sourceIdentifier": "[email protected]",
"vulnStatus": "Analyzed",
"published": "2022-12-27T22:15:10.883000",
"lastModified": "2023-01-06T15:24:30.237000",
"evaluatorComment": null,
"evaluatorSolution": null,
"evaluatorImpact": null,
"cisaExploitAdd": null,
"cisaActionDue": null,
"cisaRequiredAction": null,
"cisaVulnerabilityName": null,
"descriptions": [
{
"lang": "en",
"value": "LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input."
},
{
"lang": "es",
"value": "Los enlaces LZ4 utilizan una API C obsoleta que es vulnerable a la corrupción de la memoria, lo que podría provocar la ejecución de código arbitrario si se llama con entradas de usuarios que no son de confianza."
}
],
"references": [
{
"url": "https://github.com/cloudflare/golz4/commit/199f5f7878062ca17a98e079f2dbe1205e2ed898",
"source": "[email protected]",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/cloudflare/golz4/issues/5",
"source": "[email protected]",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://pkg.go.dev/vuln/GO-2020-0022",
"source": "[email protected]",
"tags": [
"Patch",
"Vendor Advisory"
]
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"exploitCodeMaturity": null,
"remediationLevel": null,
"reportConfidence": null,
"temporalScore": null,
"temporalSeverity": null,
"confidentialityRequirement": null,
"integrityRequirement": null,
"availabilityRequirement": null,
"modifiedAttackVector": null,
"modifiedAttackComplexity": null,
"modifiedPrivilegesRequired": null,
"modifiedUserInteraction": null,
"modifiedScope": null,
"modifiedConfidentialityImpact": null,
"modifiedIntegrityImpact": null,
"modifiedAvailabilityImpact": null,
"environmentalScore": null,
"environmentalSeverity": null
},
"baseSeverity": null,
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"acInsufInfo": null,
"obtainAllPrivilege": null,
"obtainUserPrivilege": null,
"obtainOtherPrivilege": null,
"userInteractionRequired": null
}
],
"cvssMetricV30": null,
"cvssMetricV2": null
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": null,
"negate": null,
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cloudflare:golz4:*:*:*:*:*:go:*:*",
"matchCriteriaId": "CF7258F9-47C1-4E63-A1FD-5BB5378558BA",
"versionStartExcluding": null,
"versionStartIncluding": null,
"versionEndExcluding": "2014-07-11",
"versionEndIncluding": null
}
]
}
]
}
],
"vendorComments": null
}