CVE-2020-36149
Published: 08 February 2021
Summary
CVE-2020-36149 is a medium-severity NULL Pointer Dereference (CWE-476) vulnerability in Symonics Libmysofa. Its CVSS base score is 6.5 (Medium).
Operationally, ranked in the top 47.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-23727
Vulnerability details
Incorrect handling of input data in changeAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no…
more
memory restrictions (e.g. in embedded environments).
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.