CVE-2020-11068 - OpenCVE

In LoRaMac-node before 4.4.4, a reception buffer overflow can happen due to the received buffer size not being checked. This has been fixed in 4.4.4.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Semtech	Loramac-node

Configuration 1 [-]

cpe:2.3:a:semtech:loramac-node:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/Lora-net/LoRaMac-node/commit/e3063a91daa7ad8a687223efa63079f0c24568e4
https://github.com/Lora-net/LoRaMac-node/security/advisories/GHSA-559p-6xgm-fpv9

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2020-06-23T16:40:12

Updated: 2024-08-04T11:21:14.647Z

Reserved: 2020-03-30T00:00:00

Link: CVE-2020-11068

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-06-23T17:15:11.500

Modified: 2020-07-01T18:38:14.077

Link: CVE-2020-11068

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "LoRaMac-node", "vendor": "LoRa", "versions": [{"status": "affected", "version": "< 4.4.4"}]}], "descriptions": [{"lang": "en", "value": "In LoRaMac-node before 4.4.4, a reception buffer overflow can happen due to the received buffer size not being checked. This has been fixed in 4.4.4."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-06-23T16:40:12", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Lora-net/LoRaMac-node/security/advisories/GHSA-559p-6xgm-fpv9"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Lora-net/LoRaMac-node/commit/e3063a91daa7ad8a687223efa63079f0c24568e4"}], "source": {"advisory": "GHSA-559p-6xgm-fpv9", "discovery": "UNKNOWN"}, "title": "Potential Buffer Overflow in LoRaMac-node", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-11068", "STATE": "PUBLIC", "TITLE": "Potential Buffer Overflow in LoRaMac-node"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "LoRaMac-node", "version": {"version_data": [{"version_value": "< 4.4.4"}]}}]}, "vendor_name": "LoRa"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In LoRaMac-node before 4.4.4, a reception buffer overflow can happen due to the received buffer size not being checked. This has been fixed in 4.4.4."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/Lora-net/LoRaMac-node/security/advisories/GHSA-559p-6xgm-fpv9", "refsource": "CONFIRM", "url": "https://github.com/Lora-net/LoRaMac-node/security/advisories/GHSA-559p-6xgm-fpv9"}, {"name": "https://github.com/Lora-net/LoRaMac-node/commit/e3063a91daa7ad8a687223efa63079f0c24568e4", "refsource": "MISC", "url": "https://github.com/Lora-net/LoRaMac-node/commit/e3063a91daa7ad8a687223efa63079f0c24568e4"}]}, "source": {"advisory": "GHSA-559p-6xgm-fpv9", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:21:14.647Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/Lora-net/LoRaMac-node/security/advisories/GHSA-559p-6xgm-fpv9"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Lora-net/LoRaMac-node/commit/e3063a91daa7ad8a687223efa63079f0c24568e4"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-11068", "datePublished": "2020-06-23T16:40:12", "dateReserved": "2020-03-30T00:00:00", "dateUpdated": "2024-08-04T11:21:14.647Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:semtech:loramac-node:*:*:*:*:*:*:*:*", "matchCriteriaId": "285BEBFB-4B3E-4537-910F-56180BD77544", "versionEndExcluding": "4.4.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In LoRaMac-node before 4.4.4, a reception buffer overflow can happen due to the received buffer size not being checked. This has been fixed in 4.4.4."}, {"lang": "es", "value": "En el nodo LoRaMac versiones anteriores a 4.4.4, un desbordamiento del b\u00fafer de recepci\u00f3n puede presentarse debido a que no es comprobado el tama\u00f1o del b\u00fafer recibido. Esto ha sido corregido en la versi\u00f3n 4.4.4"}], "id": "CVE-2020-11068", "lastModified": "2020-07-01T18:38:14.077", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2020-06-23T17:15:11.500", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Lora-net/LoRaMac-node/commit/e3063a91daa7ad8a687223efa63079f0c24568e4"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Lora-net/LoRaMac-node/security/advisories/GHSA-559p-6xgm-fpv9"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "security-advisories@github.com", "type": "Primary"}]}