CVE-2020-36406 - OpenCVE

uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll). NOTE: the vendor's position is that this is "a minor issue or not even an issue at all" because the developer of an application (that uses uWebSockets) should not be allowing the large number of triggered topics to accumulate

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel
Uwebsockets Project	Uwebsockets

Configuration 1 [-]

AND

OR	cpe:2.3:a:uwebsockets_project:uwebsockets:18.11.0:::::node.js::
	cpe:2.3:a:uwebsockets_project:uwebsockets:18.12.0:::::node.js::

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25381
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/uwebsockets/OSV-2020-1695.yaml
https://github.com/uNetworking/uWebSockets/commit/03fca626a95130ab80f86adada54b29d27242759

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-07-01T02:52:36

Updated: 2024-08-04T17:23:10.562Z

Reserved: 2021-07-01T00:00:00

Link: CVE-2020-36406

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-07-01T03:15:08.000

Modified: 2024-08-04T18:15:45.067

Link: CVE-2020-36406

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll). NOTE: the vendor's position is that this is \"a minor issue or not even an issue at all\" because the developer of an application (that uses uWebSockets) should not be allowing the large number of triggered topics to accumulate"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-01-17T19:17:27", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/uwebsockets/OSV-2020-1695.yaml"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25381"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/uNetworking/uWebSockets/commit/03fca626a95130ab80f86adada54b29d27242759"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-36406", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll). NOTE: the vendor's position is that this is \"a minor issue or not even an issue at all\" because the developer of an application (that uses uWebSockets) should not be allowing the large number of triggered topics to accumulate."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/uwebsockets/OSV-2020-1695.yaml", "refsource": "MISC", "url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/uwebsockets/OSV-2020-1695.yaml"}, {"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25381", "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25381"}, {"name": "https://github.com/uNetworking/uWebSockets/commit/03fca626a95130ab80f86adada54b29d27242759", "refsource": "MISC", "url": "https://github.com/uNetworking/uWebSockets/commit/03fca626a95130ab80f86adada54b29d27242759"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:23:10.562Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/uwebsockets/OSV-2020-1695.yaml"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25381"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/uNetworking/uWebSockets/commit/03fca626a95130ab80f86adada54b29d27242759"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-36406", "datePublished": "2021-07-01T02:52:36", "dateReserved": "2021-07-01T00:00:00", "dateUpdated": "2024-08-04T17:23:10.562Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:uwebsockets_project:uwebsockets:18.11.0:*:*:*:*:node.js:*:*", "matchCriteriaId": "3AB9BB26-DE76-4B8A-8D56-998171A2F2B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:uwebsockets_project:uwebsockets:18.12.0:*:*:*:*:node.js:*:*", "matchCriteriaId": "58A20B85-0F50-4B08-91F1-4541CA700FD7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll). NOTE: the vendor's position is that this is \"a minor issue or not even an issue at all\" because the developer of an application (that uses uWebSockets) should not be allowing the large number of triggered topics to accumulate"}, {"lang": "es", "value": "** EN DISPUTA ** uWebSockets versiones 18.11.0 y 18.12.0, presenta un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funci\u00f3n uWS::TopicTree::trimTree (llamado desde uWS::TopicTree::unsubscribeAll) NOTA: la posici\u00f3n del proveedor es que esto es \"un problema menor o ni siquiera un problema\" porque el desarrollador de una aplicaci\u00f3n (que utiliza uWebSockets) no deber\u00eda permitir que se acumule el gran n\u00famero de temas activados."}], "id": "CVE-2020-36406", "lastModified": "2024-08-04T18:15:45.067", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-07-01T03:15:08.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25381"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/uwebsockets/OSV-2020-1695.yaml"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/uNetworking/uWebSockets/commit/03fca626a95130ab80f86adada54b29d27242759"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}