From 34164c21bc557e36de23d5fbd44dbea95d507514 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 3 Dec 2020 14:01:38 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/6xxx/CVE-2020-6017.json | 50 +++++++++++++++++++++++++++++++++--- 2020/6xxx/CVE-2020-6021.json | 50 +++++++++++++++++++++++++++++++++--- 2 files changed, 94 insertions(+), 6 deletions(-) diff --git a/2020/6xxx/CVE-2020-6017.json b/2020/6xxx/CVE-2020-6017.json index d0010f11dd4..cbd3acbde87 100644 --- a/2020/6xxx/CVE-2020-6017.json +++ b/2020/6xxx/CVE-2020-6017.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6017", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@checkpoint.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Game Networking Sockets", + "version": { + "version_data": [ + { + "version_value": "All versions prior to v1.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/ValveSoftware/GameNetworkingSockets/commit/e0c86dcb9139771db3db0cfdb1fb8bef0af19c43", + "url": "https://github.com/ValveSoftware/GameNetworkingSockets/commit/e0c86dcb9139771db3db0cfdb1fb8bef0af19c43" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long unreliable segments in function SNP_ReceiveUnreliableSegment() when configured to support plain-text messages, leading to a Heap-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution." } ] } diff --git a/2020/6xxx/CVE-2020-6021.json b/2020/6xxx/CVE-2020-6021.json index d24b2b2515f..64514ed289c 100644 --- a/2020/6xxx/CVE-2020-6021.json +++ b/2020/6xxx/CVE-2020-6021.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6021", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@checkpoint.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Check Point Endpoint Security Client for Windows", + "version": { + "version_data": [ + { + "version_value": "before version E84.20" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-427: Uncontrolled Search Path Element" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://supportcontent.checkpoint.com/solutions?id=sk170512", + "url": "https://supportcontent.checkpoint.com/solutions?id=sk170512" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted DLL in the repair folder which will run with the Endpoint client\u2019s privileges." } ] }