CVE-2020-15292 - OpenCVE

Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflor (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validations.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bitdefender	Hypervisor Introspection

Configuration 1 [-]

cpe:2.3:a:bitdefender:hypervisor_introspection:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.bitdefender.com/support/security-advisories/lack-validation-data-read-guest-memory-bitdefender-hvi-va-9333/

History

No history.

MITRE

Status: PUBLISHED

Assigner: Bitdefender

Published: 2020-12-17T16:45:19.079767Z

Updated: 2024-09-16T18:19:26.509Z

Reserved: 2020-06-25T00:00:00

Link: CVE-2020-15292

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-12-17T17:15:12.783

Modified: 2020-12-22T15:30:51.720

Link: CVE-2020-15292

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Hypervisor Introspection", "vendor": "Bitdefender", "versions": [{"lessThan": "1.132.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Ilja Van Sprundel from IOActive"}], "datePublic": "2020-12-17T00:00:00", "descriptions": [{"lang": "en", "value": "Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflor (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validations."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-12-17T16:45:18", "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "shortName": "Bitdefender"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.bitdefender.com/support/security-advisories/lack-validation-data-read-guest-memory-bitdefender-hvi-va-9333/"}], "solutions": [{"lang": "en", "value": "The issue has been fixed in Introcore 1.132.2."}], "source": {"defect": ["VA-9333"], "discovery": "EXTERNAL"}, "title": "Lack of validation on data read from guest memory in Bitdefender HVI (VA-9333)", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-requests@bitdefender.com", "DATE_PUBLIC": "2020-12-17T19:00:00.000Z", "ID": "CVE-2020-15292", "STATE": "PUBLIC", "TITLE": "Lack of validation on data read from guest memory in Bitdefender HVI (VA-9333)"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Hypervisor Introspection", "version": {"version_data": [{"version_affected": "<", "version_value": "1.132.2"}]}}]}, "vendor_name": "Bitdefender"}]}}, "credit": [{"lang": "eng", "value": "Ilja Van Sprundel from IOActive"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflor (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validations."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://www.bitdefender.com/support/security-advisories/lack-validation-data-read-guest-memory-bitdefender-hvi-va-9333/", "refsource": "MISC", "url": "https://www.bitdefender.com/support/security-advisories/lack-validation-data-read-guest-memory-bitdefender-hvi-va-9333/"}]}, "solution": [{"lang": "en", "value": "The issue has been fixed in Introcore 1.132.2."}], "source": {"defect": ["VA-9333"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:15:19.054Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.bitdefender.com/support/security-advisories/lack-validation-data-read-guest-memory-bitdefender-hvi-va-9333/"}]}]}, "cveMetadata": {"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "assignerShortName": "Bitdefender", "cveId": "CVE-2020-15292", "datePublished": "2020-12-17T16:45:19.079767Z", "dateReserved": "2020-06-25T00:00:00", "dateUpdated": "2024-09-16T18:19:26.509Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bitdefender:hypervisor_introspection:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBE339FF-189B-407E-9801-E406DE2CCA17", "versionEndExcluding": "1.132.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflor (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validations."}, {"lang": "es", "value": "Una falta de comprobaci\u00f3n en los datos le\u00eddos desde la memoria del invitado en IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol e IntLixTaskDumpTree, puede conllevar a una lectura fuera de l\u00edmites o podr\u00eda causar una DoS debido a un exceso de enteros (IntPeGetDirectory), una TOCTOU (IntPeParseUnwindData) o una comprobaci\u00f3n insuficiente"}], "id": "CVE-2020-15292", "lastModified": "2020-12-22T15:30:51.720", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "cve-requests@bitdefender.com", "type": "Secondary"}]}, "published": "2020-12-17T17:15:12.783", "references": [{"source": "cve-requests@bitdefender.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.bitdefender.com/support/security-advisories/lack-validation-data-read-guest-memory-bitdefender-hvi-va-9333/"}], "sourceIdentifier": "cve-requests@bitdefender.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "cve-requests@bitdefender.com", "type": "Secondary"}]}