CVE-2020-8109 - Vulnerability Details - OpenCVE

Description

A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. This can result in denial-of-service. This issue affects: Bitdefender Engines version 7.84892 and prior versions.

Published: 2020-10-01

Score: 5.9 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Bitdefender

Bitdefender Engines

affected

Version	Status	Constraints
`unspecified`	affected	≤ 7.84892

Configuration 1 [-]

cpe:2.3:a:bitdefender:engines:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

Vendor Solution

Bitdefender has issued an update in engines version 7.84892 to correct this vulnerability

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2020-29020	A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. This can result in denial-of-service. This issue affects: Bitdefender Engines version 7.84892 and prior versions.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00277.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.bitdefender.com/support/security-advisories/bitdefender-ace-xmd-parser-out-of-bounds-write-va-8772

History

No history.

Subscriptions

Bitdefender Engines

MITRE

Status: PUBLISHED

Assigner: Bitdefender

Published: 2020-10-01T13:05:23.197Z

Updated: 2024-09-17T02:27:57.606Z

Reserved: 2020-01-28T00:00:00.000Z

Link: CVE-2020-8109

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-10-01T13:15:12.443

Modified: 2024-11-21T05:38:18.793

Link: CVE-2020-8109

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-787

{"containers": {"cna": {"affected": [{"product": "Bitdefender Engines", "vendor": "Bitdefender", "versions": [{"lessThanOrEqual": "7.84892", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "David Lanzenberger"}], "datePublic": "2020-10-01T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. This can result in denial-of-service. This issue affects: Bitdefender Engines version 7.84892 and prior versions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-10-01T13:05:22.000Z", "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "shortName": "Bitdefender"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.bitdefender.com/support/security-advisories/bitdefender-ace-xmd-parser-out-of-bounds-write-va-8772"}], "solutions": [{"lang": "en", "value": "Bitdefender has issued an update in engines version 7.84892 to correct this vulnerability"}], "source": {"defect": ["VA-8772"], "discovery": "EXTERNAL"}, "title": "Bitdefender ace.xmd parser out-of-bounds write (VA-8772)", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-requests@bitdefender.com", "DATE_PUBLIC": "2020-10-01T14:00:00.000Z", "ID": "CVE-2020-8109", "STATE": "PUBLIC", "TITLE": "Bitdefender ace.xmd parser out-of-bounds write (VA-8772)"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Bitdefender Engines", "version": {"version_data": [{"version_affected": "<=", "version_value": "7.84892"}]}}]}, "vendor_name": "Bitdefender"}]}}, "credit": [{"lang": "eng", "value": "David Lanzenberger"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. This can result in denial-of-service. This issue affects: Bitdefender Engines version 7.84892 and prior versions."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-787 Out-of-bounds Write"}]}]}, "references": {"reference_data": [{"name": "https://www.bitdefender.com/support/security-advisories/bitdefender-ace-xmd-parser-out-of-bounds-write-va-8772", "refsource": "MISC", "url": "https://www.bitdefender.com/support/security-advisories/bitdefender-ace-xmd-parser-out-of-bounds-write-va-8772"}]}, "solution": [{"lang": "en", "value": "Bitdefender has issued an update in engines version 7.84892 to correct this vulnerability"}], "source": {"defect": ["VA-8772"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:48:25.648Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.bitdefender.com/support/security-advisories/bitdefender-ace-xmd-parser-out-of-bounds-write-va-8772"}]}]}, "cveMetadata": {"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "assignerShortName": "Bitdefender", "cveId": "CVE-2020-8109", "datePublished": "2020-10-01T13:05:23.197Z", "dateReserved": "2020-01-28T00:00:00.000Z", "dateUpdated": "2024-09-17T02:27:57.606Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bitdefender:engines:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8E80377-732D-4BCD-8E66-C56CF6E623B1", "versionEndIncluding": "7.84892", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. This can result in denial-of-service. This issue affects: Bitdefender Engines version 7.84892 and prior versions."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad en el analizador ace.xmd que resulta de una falta de comprobaci\u00f3n apropiada de los datos suministrados por el usuario, lo que puede resultar en una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Esto puede resultar en una denegaci\u00f3n de servicio. Este problema afecta a: Bitdefender Engines versiones 7.84892 y versiones anteriores"}], "id": "CVE-2020-8109", "lastModified": "2024-11-21T05:38:18.793", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "cve-requests@bitdefender.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-01T13:15:12.443", "references": [{"source": "cve-requests@bitdefender.com", "tags": ["Vendor Advisory"], "url": "https://www.bitdefender.com/support/security-advisories/bitdefender-ace-xmd-parser-out-of-bounds-write-va-8772"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.bitdefender.com/support/security-advisories/bitdefender-ace-xmd-parser-out-of-bounds-write-va-8772"}], "sourceIdentifier": "cve-requests@bitdefender.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "cve-requests@bitdefender.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}