CVE-2020-8110 - Vulnerability Details - OpenCVE

A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data, which can result in a pointer that is fetched from uninitialized memory. This can lead to denial-of-service. This issue affects: Bitdefender Engines version 7.84897 and prior versions.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00277.

Key SSVC decision points have not yet been added.

Vendors	Products
Bitdefender Subscribe	Engines Subscribe

Configuration 1 [-]

cpe:2.3:a:bitdefender:engines:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2020-29021	A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data, which can result in a pointer that is fetched from uninitialized memory. This can lead to denial-of-service. This issue affects: Bitdefender Engines version 7.84897 and prior versions.

Fixes

Solution

Bitdefender has issued an update in engines version 7.84897 to correct this vulnerability

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.bitdefender.com/support/security-advisories/bitdefender-cevakrnl-xmd-parser-denial-of-service-va-8766

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Bitdefender

Published: 2020-10-02T09:55:17.917005Z

Updated: 2024-09-16T21:03:42.414Z

Reserved: 2020-01-28T00:00:00

Link: CVE-2020-8110

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-10-02T10:15:13.170

Modified: 2024-11-21T05:38:18.900

Link: CVE-2020-8110

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-824

{"containers": {"cna": {"affected": [{"product": "Bitdefender Engines", "vendor": "Bitdefender", "versions": [{"lessThanOrEqual": "7.84897", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "David Lanzenberger"}], "datePublic": "2020-10-01T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data, which can result in a pointer that is fetched from uninitialized memory. This can lead to denial-of-service. This issue affects: Bitdefender Engines version 7.84897 and prior versions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-824", "description": "CWE-824 Access of Uninitialized Pointer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-10-02T09:55:17", "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "shortName": "Bitdefender"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.bitdefender.com/support/security-advisories/bitdefender-cevakrnl-xmd-parser-denial-of-service-va-8766"}], "solutions": [{"lang": "en", "value": "Bitdefender has issued an update in engines version 7.84897 to correct this vulnerability"}], "source": {"defect": ["VA-8766"], "discovery": "EXTERNAL"}, "title": "Bitdefender ceva_emu.cvd module denial-of-service (VA-8766)", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-requests@bitdefender.com", "DATE_PUBLIC": "2020-10-01T15:00:00.000Z", "ID": "CVE-2020-8110", "STATE": "PUBLIC", "TITLE": "Bitdefender ceva_emu.cvd module denial-of-service (VA-8766)"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Bitdefender Engines", "version": {"version_data": [{"version_affected": "<=", "version_value": "7.84897"}]}}]}, "vendor_name": "Bitdefender"}]}}, "credit": [{"lang": "eng", "value": "David Lanzenberger"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data, which can result in a pointer that is fetched from uninitialized memory. This can lead to denial-of-service. This issue affects: Bitdefender Engines version 7.84897 and prior versions."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-824 Access of Uninitialized Pointer"}]}]}, "references": {"reference_data": [{"name": "https://www.bitdefender.com/support/security-advisories/bitdefender-cevakrnl-xmd-parser-denial-of-service-va-8766", "refsource": "MISC", "url": "https://www.bitdefender.com/support/security-advisories/bitdefender-cevakrnl-xmd-parser-denial-of-service-va-8766"}]}, "solution": [{"lang": "en", "value": "Bitdefender has issued an update in engines version 7.84897 to correct this vulnerability"}], "source": {"defect": ["VA-8766"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:48:25.542Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.bitdefender.com/support/security-advisories/bitdefender-cevakrnl-xmd-parser-denial-of-service-va-8766"}]}]}, "cveMetadata": {"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "assignerShortName": "Bitdefender", "cveId": "CVE-2020-8110", "datePublished": "2020-10-02T09:55:17.917005Z", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2024-09-16T21:03:42.414Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bitdefender:engines:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C595C92-9566-496A-AB61-374B242003D0", "versionEndIncluding": "7.84897", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data, which can result in a pointer that is fetched from uninitialized memory. This can lead to denial-of-service. This issue affects: Bitdefender Engines version 7.84897 and prior versions."}, {"lang": "es", "value": "Se detect\u00f3 una vulnerabilidad en el m\u00f3dulo ceva_emu.cvd que resulta de una falta de comprobaci\u00f3n apropiada de los datos suministrados por el usuario, lo que puede resultar en un puntero que es extra\u00eddo de la memoria no inicializada. Esto puede conllevar a una denegaci\u00f3n de servicio. Este problema afecta a: Bitdefender Engines versi\u00f3n 7.84897 y versiones anteriores"}], "id": "CVE-2020-8110", "lastModified": "2024-11-21T05:38:18.900", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "cve-requests@bitdefender.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-02T10:15:13.170", "references": [{"source": "cve-requests@bitdefender.com", "tags": ["Vendor Advisory"], "url": "https://www.bitdefender.com/support/security-advisories/bitdefender-cevakrnl-xmd-parser-denial-of-service-va-8766"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.bitdefender.com/support/security-advisories/bitdefender-cevakrnl-xmd-parser-denial-of-service-va-8766"}], "sourceIdentifier": "cve-requests@bitdefender.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-824"}], "source": "cve-requests@bitdefender.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-824"}], "source": "nvd@nist.gov", "type": "Primary"}]}