nvd-json-data-feeds/CVE-2020/CVE-2020-149xx/CVE-2020-14939.json

{
  "id": "CVE-2020-14939",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2020-06-23T10:15:10.267",
  "lastModified": "2020-07-01T19:43:10.963",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en el archivo savetruct_internal.c en FreedroidRPG versi\u00f3n 1.0rc2. Los archivos de juego guardados est\u00e1n compuestos por scripts Lua que recuperan el estado de un juego. Un archivo puede ser modificado para poner cualquier c\u00f3digo Lua dentro, conllevando a una ejecuci\u00f3n de c\u00f3digo arbitrario durante la carga"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:freedroid:freedroidrpg:1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BAFB35D5-E022-4A18-824B-0D48BC98A0AA"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://bugs.freedroid.org/b/issue953",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://logicaltrust.net/blog/2020/02/freedroid.html",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}