cvelist/2020/10xxx/CVE-2020-10769.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2020-10769",
        "ASSIGNER": "secalert@redhat.com",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
                        "cweId": "CWE-119"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Red Hat",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Red Hat Enterprise Linux 7",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "0:3.10.0-1160.11.1.rt56.1145.el7",
                                            "version_affected": "!"
                                        },
                                        {
                                            "version_value": "0:4.14.0-115.29.1.el7a",
                                            "version_affected": "!"
                                        },
                                        {
                                            "version_value": "0:3.10.0-1160.11.1.el7",
                                            "version_affected": "!"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://lkml.org/lkml/2019/1/21/675",
                "refsource": "MISC",
                "name": "https://lkml.org/lkml/2019/1/21/675"
            },
            {
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                "refsource": "MISC",
                "name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html",
                "refsource": "MISC",
                "name": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html"
            },
            {
                "url": "https://access.redhat.com/errata/RHSA-2020:3545",
                "refsource": "MISC",
                "name": "https://access.redhat.com/errata/RHSA-2020:3545"
            },
            {
                "url": "https://access.redhat.com/errata/RHSA-2020:5437",
                "refsource": "MISC",
                "name": "https://access.redhat.com/errata/RHSA-2020:5437"
            },
            {
                "url": "https://access.redhat.com/errata/RHSA-2020:5441",
                "refsource": "MISC",
                "name": "https://access.redhat.com/errata/RHSA-2020:5441"
            },
            {
                "url": "https://access.redhat.com/security/cve/CVE-2020-10769",
                "refsource": "MISC",
                "name": "https://access.redhat.com/security/cve/CVE-2020-10769"
            },
            {
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1708775",
                "refsource": "MISC",
                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1708775"
            },
            {
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1708775%3B",
                "refsource": "MISC",
                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1708775%3B"
            }
        ]
    },
    "work_around": [
        {
            "lang": "en",
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
    ],
    "impact": {
        "cvss": [
            {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
            }
        ]
    }
}
"-Synchronized-Data." 2020-03-20 17:01:13 +00:00			`{`
"-Synchronized-Data." 2023-02-02 21:02:13 +00:00			`"data_version": "4.0",`
"-Synchronized-Data." 2020-03-20 17:01:13 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2020-10769",`
"-Synchronized-Data." 2020-06-26 16:01:31 +00:00			`"ASSIGNER": "secalert@redhat.com",`
			`"STATE": "PUBLIC"`
			`},`
"-Synchronized-Data." 2023-02-02 21:02:13 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
			`"value": "A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service."`
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",`
			`"cweId": "CWE-119"`
			`}`
			`]`
			`}`
			`]`
			`},`
"-Synchronized-Data." 2020-06-26 16:01:31 +00:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
"-Synchronized-Data." 2023-02-02 21:02:13 +00:00			`"vendor_name": "Red Hat",`
"-Synchronized-Data." 2020-06-26 16:01:31 +00:00			`"product": {`
			`"product_data": [`
			`{`
"-Synchronized-Data." 2023-02-02 21:02:13 +00:00			`"product_name": "Red Hat Enterprise Linux 7",`
"-Synchronized-Data." 2020-06-26 16:01:31 +00:00			`"version": {`
			`"version_data": [`
			`{`
"-Synchronized-Data." 2023-02-02 21:02:13 +00:00			`"version_value": "0:3.10.0-1160.11.1.rt56.1145.el7",`
			`"version_affected": "!"`
			`},`
			`{`
			`"version_value": "0:4.14.0-115.29.1.el7a",`
			`"version_affected": "!"`
			`},`
			`{`
			`"version_value": "0:3.10.0-1160.11.1.el7",`
			`"version_affected": "!"`
"-Synchronized-Data." 2020-06-26 16:01:31 +00:00			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
"-Synchronized-Data." 2023-02-02 21:02:13 +00:00			`"url": "https://lkml.org/lkml/2019/1/21/675",`
			`"refsource": "MISC",`
			`"name": "https://lkml.org/lkml/2019/1/21/675"`
			`},`
			`{`
			`"url": "https://www.oracle.com/security-alerts/cpuApr2021.html",`
"-Synchronized-Data." 2020-06-26 16:01:31 +00:00			`"refsource": "MISC",`
"-Synchronized-Data." 2023-02-02 21:02:13 +00:00			`"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"`
"-Synchronized-Data." 2020-06-26 16:01:31 +00:00			`},`
			`{`
"-Synchronized-Data." 2023-02-02 21:02:13 +00:00			`"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html",`
"-Synchronized-Data." 2020-06-26 16:01:31 +00:00			`"refsource": "MISC",`
"-Synchronized-Data." 2023-02-02 21:02:13 +00:00			`"name": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html"`
"-Synchronized-Data." 2020-08-06 18:01:24 +00:00			`},`
			`{`
"-Synchronized-Data." 2023-02-02 21:02:13 +00:00			`"url": "https://access.redhat.com/errata/RHSA-2020:3545",`
			`"refsource": "MISC",`
			`"name": "https://access.redhat.com/errata/RHSA-2020:3545"`
Bill Situ<Bill.Situ@Oracle.com> On branch cna/Oracle/CPU2021Apr3rdv2 Changes to be committed: modified: 2014/9xxx/CVE-2014-9515.json modified: 2016/2xxx/CVE-2016-2542.json modified: 2016/5xxx/CVE-2016-5725.json modified: 2016/7xxx/CVE-2016-7103.json modified: 2016/9xxx/CVE-2016-9775.json modified: 2017/1000xxx/CVE-2017-1000061.json modified: 2017/12xxx/CVE-2017-12626.json modified: 2017/14xxx/CVE-2017-14735.json modified: 2017/18xxx/CVE-2017-18640.json modified: 2017/5xxx/CVE-2017-5645.json modified: 2018/1000xxx/CVE-2018-1000180.json modified: 2018/1000xxx/CVE-2018-1000613.json modified: 2018/1000xxx/CVE-2018-1000632.json modified: 2018/14xxx/CVE-2018-14040.json modified: 2018/14xxx/CVE-2018-14041.json modified: 2018/14xxx/CVE-2018-14042.json modified: 2018/14xxx/CVE-2018-14550.json modified: 2018/14xxx/CVE-2018-14613.json modified: 2018/16xxx/CVE-2018-16884.json modified: 2018/1xxx/CVE-2018-1285.json modified: 2018/20xxx/CVE-2018-20843.json modified: 2018/8xxx/CVE-2018-8032.json modified: 2019/0xxx/CVE-2019-0219.json modified: 2019/0xxx/CVE-2019-0221.json modified: 2019/0xxx/CVE-2019-0227.json modified: 2019/0xxx/CVE-2019-0228.json modified: 2019/0xxx/CVE-2019-0230.json modified: 2019/0xxx/CVE-2019-0232.json modified: 2019/0xxx/CVE-2019-0233.json modified: 2019/10xxx/CVE-2019-10072.json modified: 2019/10xxx/CVE-2019-10080.json modified: 2019/10xxx/CVE-2019-10086.json modified: 2019/10xxx/CVE-2019-10098.json modified: 2019/10xxx/CVE-2019-10173.json modified: 2019/10xxx/CVE-2019-10246.json modified: 2019/10xxx/CVE-2019-10247.json modified: 2019/10xxx/CVE-2019-10638.json modified: 2019/10xxx/CVE-2019-10639.json modified: 2019/11xxx/CVE-2019-11048.json modified: 2019/11xxx/CVE-2019-11358.json modified: 2019/11xxx/CVE-2019-11487.json modified: 2019/11xxx/CVE-2019-11599.json modified: 2019/12xxx/CVE-2019-12086.json modified: 2019/12xxx/CVE-2019-12399.json modified: 2019/12xxx/CVE-2019-12402.json modified: 2019/12xxx/CVE-2019-12406.json modified: 2019/12xxx/CVE-2019-12415.json modified: 2019/12xxx/CVE-2019-12419.json modified: 2019/12xxx/CVE-2019-12423.json modified: 2019/14xxx/CVE-2019-14379.json modified: 2019/14xxx/CVE-2019-14898.json modified: 2019/15xxx/CVE-2019-15218.json modified: 2019/16xxx/CVE-2019-16746.json modified: 2019/16xxx/CVE-2019-16942.json modified: 2019/17xxx/CVE-2019-17075.json modified: 2019/17xxx/CVE-2019-17133.json modified: 2019/17xxx/CVE-2019-17195.json modified: 2019/17xxx/CVE-2019-17495.json modified: 2019/17xxx/CVE-2019-17566.json modified: 2019/17xxx/CVE-2019-17571.json modified: 2019/17xxx/CVE-2019-17573.json modified: 2019/17xxx/CVE-2019-17632.json modified: 2019/17xxx/CVE-2019-17638.json modified: 2019/18xxx/CVE-2019-18885.json modified: 2019/19xxx/CVE-2019-19052.json modified: 2019/19xxx/CVE-2019-19063.json modified: 2019/19xxx/CVE-2019-19066.json modified: 2019/19xxx/CVE-2019-19073.json modified: 2019/19xxx/CVE-2019-19074.json modified: 2019/19xxx/CVE-2019-19078.json modified: 2019/19xxx/CVE-2019-19535.json modified: 2019/19xxx/CVE-2019-19922.json modified: 2019/1xxx/CVE-2019-1241.json modified: 2019/1xxx/CVE-2019-1551.json modified: 2019/20xxx/CVE-2019-20812.json modified: 2019/3xxx/CVE-2019-3738.json modified: 2019/3xxx/CVE-2019-3739.json modified: 2019/3xxx/CVE-2019-3740.json modified: 2019/3xxx/CVE-2019-3773.json modified: 2019/3xxx/CVE-2019-3874.json modified: 2019/3xxx/CVE-2019-3900.json modified: 2019/5xxx/CVE-2019-5063.json modified: 2019/5xxx/CVE-2019-5064.json modified: 2019/5xxx/CVE-2019-5108.json modified: 2019/7xxx/CVE-2019-7317.json modified: 2019/8xxx/CVE-2019-8331.json modified: 2020/10xxx/CVE-2020-10188.json modified: 2020/10xxx/CVE-2020-10543.json modified: 2020/10xxx/CVE-2020-10683.json modified: 2020/10xxx/CVE-2020-10751.json modified: 2020/10xxx/CVE-2020-10769.json modified: 2020/10xxx/CVE-2020-10878.json modified: 2020/11xxx/CVE-2020-11022.json modified: 2020/11xxx/CVE-2020-11023.json modified: 2020/11xxx/CVE-2020-11612.json modified: 2020/11xxx/CVE-2020-11655.json modified: 2020/11xxx/CVE-2020-11656.json modified: 2020/11xxx/CVE-2020-11973.json modified: 2020/11xxx/CVE-2020-11979.json modified: 2020/11xxx/CVE-2020-11987.json modified: 2020/11xxx/CVE-2020-11994.json modified: 2020/11xxx/CVE-2020-11998.json modified: 2020/12xxx/CVE-2020-12114.json modified: 2020/12xxx/CVE-2020-12723.json modified: 2020/12xxx/CVE-2020-12771.json modified: 2020/13xxx/CVE-2020-13434.json modified: 2020/13xxx/CVE-2020-13435.json modified: 2020/13xxx/CVE-2020-13871.json modified: 2020/13xxx/CVE-2020-13934.json modified: 2020/13xxx/CVE-2020-13935.json modified: 2020/13xxx/CVE-2020-13943.json modified: 2020/13xxx/CVE-2020-13947.json modified: 2020/13xxx/CVE-2020-13954.json modified: 2020/13xxx/CVE-2020-13956.json modified: 2020/14xxx/CVE-2020-14039.json modified: 2020/14xxx/CVE-2020-14060.json modified: 2020/14xxx/CVE-2020-14061.json modified: 2020/14xxx/CVE-2020-14062.json modified: 2020/14xxx/CVE-2020-14195.json modified: 2020/15xxx/CVE-2020-15358.json modified: 2020/15xxx/CVE-2020-15586.json modified: 2020/16xxx/CVE-2020-16166.json modified: 2020/16xxx/CVE-2020-16845.json modified: 2020/17xxx/CVE-2020-17521.json modified: 2020/17xxx/CVE-2020-17527.json modified: 2020/17xxx/CVE-2020-17530.json modified: 2020/1xxx/CVE-2020-1472.json modified: 2020/1xxx/CVE-2020-1927.json modified: 2020/1xxx/CVE-2020-1941.json modified: 2020/1xxx/CVE-2020-1945.json modified: 2020/1xxx/CVE-2020-1967.json modified: 2020/1xxx/CVE-2020-1968.json modified: 2020/1xxx/CVE-2020-1971.json modified: 2020/24xxx/CVE-2020-24394.json modified: 2020/24xxx/CVE-2020-24553.json modified: 2020/24xxx/CVE-2020-24616.json modified: 2020/24xxx/CVE-2020-24750.json modified: 2020/25xxx/CVE-2020-25649.json modified: 2020/26xxx/CVE-2020-26217.json modified: 2020/26xxx/CVE-2020-26418.json modified: 2020/26xxx/CVE-2020-26419.json modified: 2020/26xxx/CVE-2020-26420.json modified: 2020/26xxx/CVE-2020-26421.json modified: 2020/26xxx/CVE-2020-26422.json modified: 2020/27xxx/CVE-2020-27193.json modified: 2020/27xxx/CVE-2020-27216.json modified: 2020/27xxx/CVE-2020-27218.json modified: 2020/27xxx/CVE-2020-27223.json modified: 2020/27xxx/CVE-2020-27841.json modified: 2020/27xxx/CVE-2020-27842.json modified: 2020/27xxx/CVE-2020-27843.json modified: 2020/27xxx/CVE-2020-27844.json modified: 2020/27xxx/CVE-2020-27845.json modified: 2020/28xxx/CVE-2020-28052.json modified: 2020/28xxx/CVE-2020-28196.json modified: 2020/35xxx/CVE-2020-35490.json modified: 2020/35xxx/CVE-2020-35491.json modified: 2020/35xxx/CVE-2020-35728.json modified: 2020/36xxx/CVE-2020-36179.json modified: 2020/36xxx/CVE-2020-36180.json modified: 2020/36xxx/CVE-2020-36181.json modified: 2020/36xxx/CVE-2020-36182.json modified: 2020/36xxx/CVE-2020-36183.json modified: 2020/36xxx/CVE-2020-36184.json modified: 2020/36xxx/CVE-2020-36185.json modified: 2020/36xxx/CVE-2020-36186.json modified: 2020/36xxx/CVE-2020-36187.json modified: 2020/36xxx/CVE-2020-36188.json modified: 2020/36xxx/CVE-2020-36189.json modified: 2020/5xxx/CVE-2020-5359.json modified: 2020/5xxx/CVE-2020-5360.json modified: 2020/5xxx/CVE-2020-5398.json modified: 2020/5xxx/CVE-2020-5407.json modified: 2020/5xxx/CVE-2020-5408.json modified: 2020/5xxx/CVE-2020-5413.json modified: 2020/5xxx/CVE-2020-5421.json modified: 2020/7xxx/CVE-2020-7059.json modified: 2020/7xxx/CVE-2020-7060.json modified: 2020/7xxx/CVE-2020-7067.json modified: 2020/7xxx/CVE-2020-7069.json modified: 2020/7xxx/CVE-2020-7760.json modified: 2020/7xxx/CVE-2020-7774.json modified: 2020/7xxx/CVE-2020-7919.json modified: 2020/8xxx/CVE-2020-8203.json modified: 2020/8xxx/CVE-2020-8277.json modified: 2020/8xxx/CVE-2020-8284.json modified: 2020/8xxx/CVE-2020-8285.json modified: 2020/8xxx/CVE-2020-8286.json modified: 2020/8xxx/CVE-2020-8908.json modified: 2020/9xxx/CVE-2020-9281.json modified: 2020/9xxx/CVE-2020-9327.json modified: 2020/9xxx/CVE-2020-9480.json modified: 2020/9xxx/CVE-2020-9484.json modified: 2020/9xxx/CVE-2020-9488.json modified: 2020/9xxx/CVE-2020-9489.json modified: 2021/20xxx/CVE-2021-20227.json modified: 2021/21xxx/CVE-2021-21290.json modified: 2021/21xxx/CVE-2021-21345.json modified: 2021/22xxx/CVE-2021-22112.json modified: 2021/22xxx/CVE-2021-22173.json modified: 2021/22xxx/CVE-2021-22174.json modified: 2021/22xxx/CVE-2021-22191.json modified: 2021/22xxx/CVE-2021-22883.json modified: 2021/22xxx/CVE-2021-22884.json modified: 2021/23xxx/CVE-2021-23336.json modified: 2021/23xxx/CVE-2021-23839.json modified: 2021/23xxx/CVE-2021-23840.json modified: 2021/23xxx/CVE-2021-23841.json modified: 2021/26xxx/CVE-2021-26117.json modified: 2021/3xxx/CVE-2021-3449.json modified: 2021/3xxx/CVE-2021-3450.json 2021-06-11 10:44:45 -07:00			`},`
			`{`
"-Synchronized-Data." 2023-02-02 21:02:13 +00:00			`"url": "https://access.redhat.com/errata/RHSA-2020:5437",`
"-Synchronized-Data." 2021-06-14 18:01:00 +00:00			`"refsource": "MISC",`
"-Synchronized-Data." 2023-02-02 21:02:13 +00:00			`"name": "https://access.redhat.com/errata/RHSA-2020:5437"`
			`},`
			`{`
			`"url": "https://access.redhat.com/errata/RHSA-2020:5441",`
			`"refsource": "MISC",`
			`"name": "https://access.redhat.com/errata/RHSA-2020:5441"`
			`},`
			`{`
			`"url": "https://access.redhat.com/security/cve/CVE-2020-10769",`
			`"refsource": "MISC",`
			`"name": "https://access.redhat.com/security/cve/CVE-2020-10769"`
			`},`
			`{`
			`"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1708775",`
			`"refsource": "MISC",`
			`"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1708775"`
			`},`
			`{`
			`"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1708775%3B",`
			`"refsource": "MISC",`
			`"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1708775%3B"`
"-Synchronized-Data." 2020-06-26 16:01:31 +00:00			`}`
			`]`
"-Synchronized-Data." 2020-03-20 17:01:13 +00:00			`},`
"-Synchronized-Data." 2023-02-02 21:02:13 +00:00			`"work_around": [`
			`{`
			`"lang": "en",`
			`"value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."`
			`}`
			`],`
			`"impact": {`
			`"cvss": [`
"-Synchronized-Data." 2020-03-20 17:01:13 +00:00			`{`
"-Synchronized-Data." 2023-02-02 21:02:13 +00:00			`"attackComplexity": "LOW",`
			`"attackVector": "LOCAL",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 5.5,`
			`"baseSeverity": "MEDIUM",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "NONE",`
			`"privilegesRequired": "LOW",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",`
			`"version": "3.1"`
"-Synchronized-Data." 2020-03-20 17:01:13 +00:00			`}`
			`]`
			`}`
			`}`