CVE-2020-15350 - OpenCVE

RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding function base64_decode() uses an output buffer estimation function to compute the required buffer capacity and validate against the provided buffer size. The base64_estimate_decode_size() function calculates the expected decoded size with an arithmetic round-off error and does not take into account possible padding bytes. Due to this underestimation, it may be possible to craft base64 input that causes a buffer overflow.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Riot-os	Riot

Configuration 1 [-]

cpe:2.3:o:riot-os:riot:2020.04:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://drive.google.com/file/d/1jMCAi8uawV1-an5uCghIxT2TEdxCE1Lk/view?usp=sharing
https://github.com/RIOT-OS/RIOT/pull/14400

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-07-07T16:37:39

Updated: 2024-08-04T13:15:20.192Z

Reserved: 2020-06-26T00:00:00

Link: CVE-2020-15350

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-07-07T17:15:10.530

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-15350

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding function base64_decode() uses an output buffer estimation function to compute the required buffer capacity and validate against the provided buffer size. The base64_estimate_decode_size() function calculates the expected decoded size with an arithmetic round-off error and does not take into account possible padding bytes. Due to this underestimation, it may be possible to craft base64 input that causes a buffer overflow."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-07T16:37:39", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://drive.google.com/file/d/1jMCAi8uawV1-an5uCghIxT2TEdxCE1Lk/view?usp=sharing"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/RIOT-OS/RIOT/pull/14400"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-15350", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding function base64_decode() uses an output buffer estimation function to compute the required buffer capacity and validate against the provided buffer size. The base64_estimate_decode_size() function calculates the expected decoded size with an arithmetic round-off error and does not take into account possible padding bytes. Due to this underestimation, it may be possible to craft base64 input that causes a buffer overflow."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://drive.google.com/file/d/1jMCAi8uawV1-an5uCghIxT2TEdxCE1Lk/view?usp=sharing", "refsource": "MISC", "url": "https://drive.google.com/file/d/1jMCAi8uawV1-an5uCghIxT2TEdxCE1Lk/view?usp=sharing"}, {"name": "https://github.com/RIOT-OS/RIOT/pull/14400", "refsource": "MISC", "url": "https://github.com/RIOT-OS/RIOT/pull/14400"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:15:20.192Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://drive.google.com/file/d/1jMCAi8uawV1-an5uCghIxT2TEdxCE1Lk/view?usp=sharing"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/RIOT-OS/RIOT/pull/14400"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-15350", "datePublished": "2020-07-07T16:37:39", "dateReserved": "2020-06-26T00:00:00", "dateUpdated": "2024-08-04T13:15:20.192Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:riot-os:riot:2020.04:*:*:*:*:*:*:*", "matchCriteriaId": "C1CD36D1-6BE1-4262-9EC7-EFA988AE95E0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding function base64_decode() uses an output buffer estimation function to compute the required buffer capacity and validate against the provided buffer size. The base64_estimate_decode_size() function calculates the expected decoded size with an arithmetic round-off error and does not take into account possible padding bytes. Due to this underestimation, it may be possible to craft base64 input that causes a buffer overflow."}, {"lang": "es", "value": "RIOT versi\u00f3n 2020.04, presenta un desbordamiento del b\u00fafer en el decodificador base64. La funci\u00f3n de decodificaci\u00f3n base64_decode() usa una funci\u00f3n de estimaci\u00f3n del b\u00fafer de salida para calcular la capacidad de b\u00fafer requerida y comprobarla con el tama\u00f1o del b\u00fafer proporcionado. La funci\u00f3n base64_estimate_decode_size() calcula el tama\u00f1o descodificado esperado con un error de redondeo aritm\u00e9tico y no toma en cuenta los posibles bytes de relleno. Debido a esta subestimaci\u00f3n, puede ser posible crear una entrada base64 que cause un desbordamiento del b\u00fafer"}], "id": "CVE-2020-15350", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-07T17:15:10.530", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://drive.google.com/file/d/1jMCAi8uawV1-an5uCghIxT2TEdxCE1Lk/view?usp=sharing"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/RIOT-OS/RIOT/pull/14400"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-131"}], "source": "nvd@nist.gov", "type": "Primary"}]}