CVE-2019-20367

nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
freedesktoplibbsd
𝑥
< 0.10.0
debiandebian_linux
9.0
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
19.04
opensuseleap
15.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libbsd
bullseye
0.11.3-1+deb11u1
fixed
jessie
no-dsa
bookworm
0.11.7-2
fixed
sid
0.12.2-2
fixed
trixie
0.12.2-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libbsd
eoan
not-affected
disco
Fixed 0.9.1-2ubuntu0.1
released
bionic
Fixed 0.8.7-1ubuntu0.1
released
xenial
Fixed 0.8.2-1ubuntu0.1
released
trusty
Fixed 0.6.0-2ubuntu1+esm1
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00043.html
https://gitlab.freedesktop.org/libbsd/libbsd/commit/9d917aad37778a9f4a96ba358415f077f3f36f3b
https://lists.apache.org/thread.html/r0e913668380f59bcbd14fdd8ae8d24f95f99995e290cd18a7822c6e5%40%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/ra781e51cf1ec40381c98cddc073b3576fb56c3978f4564d2fa431550%40%3Cdev.tomee.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/02/msg00027.html
https://lists.freedesktop.org/archives/libbsd/2019-August/000229.html
https://usn.ubuntu.com/4243-1/
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00043.html
https://gitlab.freedesktop.org/libbsd/libbsd/commit/9d917aad37778a9f4a96ba358415f077f3f36f3b
https://lists.apache.org/thread.html/r0e913668380f59bcbd14fdd8ae8d24f95f99995e290cd18a7822c6e5%40%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/ra781e51cf1ec40381c98cddc073b3576fb56c3978f4564d2fa431550%40%3Cdev.tomee.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/02/msg00027.html
https://lists.freedesktop.org/archives/libbsd/2019-August/000229.html
https://usn.ubuntu.com/4243-1/