CVE-2020-28241
N/A
N/A
Summary
libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/maxmind/libmaxminddb/issues/236
- https://github.com/maxmind/libmaxminddb/pull/237
- https://github.com/maxmind/libmaxminddb/compare/1.4.2…1.4.3
- https://lists.debian.org/debian-lts-announce/2020/11/msg00019.html
- https://security.gentoo.org/glsa/202011-15
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELTOHZBPO6XVUVADP4DPZBNQCPTYOQBV/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WUK4UCOB5FJVK36E22IRLEYGKMUWGBG/
References
- https://github.com/maxmind/libmaxminddb/issues/236
- https://github.com/maxmind/libmaxminddb/pull/237
- https://github.com/maxmind/libmaxminddb/compare/1.4.2…1.4.3
- https://lists.debian.org/debian-lts-announce/2020/11/msg00019.html
- https://security.gentoo.org/glsa/202011-15
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELTOHZBPO6XVUVADP4DPZBNQCPTYOQBV/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WUK4UCOB5FJVK36E22IRLEYGKMUWGBG/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.