CVE-2020-37178
4.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Summary
KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Keepass | KeePass Password Safe | < 2.44 | affected |
Weaknesses
- CWE-94: Improper Control of Generation of Code ('Code Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
References
- https://www.exploit-db.com/exploits/47952
- https://keepass.info/
- https://www.vulncheck.com/advisories/keepass-denial-of-service-poc
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.