CVE-2020-28241 (GCVE-0-2020-28241)
Vulnerability from cvelistv5 – Published: 2020-11-06 04:43 – Updated: 2024-08-04 16:33- n/a
| URL | Tags |
|---|---|
| https://github.com/maxmind/libmaxminddb/issues/236 | x_refsource_MISC |
| https://github.com/maxmind/libmaxminddb/pull/237 | x_refsource_MISC |
| https://github.com/maxmind/libmaxminddb/compare/1… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-list, x_refsource_MLIST |
| https://security.gentoo.org/glsa/202011-15 | vendor-advisory, x_refsource_GENTOO |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory, x_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:33:58.173Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/maxmind/libmaxminddb/issues/236"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/maxmind/libmaxminddb/pull/237"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/maxmind/libmaxminddb/compare/1.4.2...1.4.3"
},
{
"name": "[debian-lts-announce] 20201110 [SECURITY] [DLA 2445-1] libmaxminddb security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00019.html"
},
{
"name": "GLSA-202011-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202011-15"
},
{
"name": "FEDORA-2020-1fb1785fa1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELTOHZBPO6XVUVADP4DPZBNQCPTYOQBV/"
},
{
"name": "FEDORA-2020-8a8f8b244f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WUK4UCOB5FJVK36E22IRLEYGKMUWGBG/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-26T02:06:07.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/maxmind/libmaxminddb/issues/236"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/maxmind/libmaxminddb/pull/237"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/maxmind/libmaxminddb/compare/1.4.2...1.4.3"
},
{
"name": "[debian-lts-announce] 20201110 [SECURITY] [DLA 2445-1] libmaxminddb security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00019.html"
},
{
"name": "GLSA-202011-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202011-15"
},
{
"name": "FEDORA-2020-1fb1785fa1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELTOHZBPO6XVUVADP4DPZBNQCPTYOQBV/"
},
{
"name": "FEDORA-2020-8a8f8b244f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WUK4UCOB5FJVK36E22IRLEYGKMUWGBG/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/maxmind/libmaxminddb/issues/236",
"refsource": "MISC",
"url": "https://github.com/maxmind/libmaxminddb/issues/236"
},
{
"name": "https://github.com/maxmind/libmaxminddb/pull/237",
"refsource": "MISC",
"url": "https://github.com/maxmind/libmaxminddb/pull/237"
},
{
"name": "https://github.com/maxmind/libmaxminddb/compare/1.4.2...1.4.3",
"refsource": "MISC",
"url": "https://github.com/maxmind/libmaxminddb/compare/1.4.2...1.4.3"
},
{
"name": "[debian-lts-announce] 20201110 [SECURITY] [DLA 2445-1] libmaxminddb security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00019.html"
},
{
"name": "GLSA-202011-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202011-15"
},
{
"name": "FEDORA-2020-1fb1785fa1",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ELTOHZBPO6XVUVADP4DPZBNQCPTYOQBV/"
},
{
"name": "FEDORA-2020-8a8f8b244f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WUK4UCOB5FJVK36E22IRLEYGKMUWGBG/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-28241",
"datePublished": "2020-11-06T04:43:12.000Z",
"dateReserved": "2020-11-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:33:58.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-28241",
"date": "2026-06-03",
"epss": "0.00242",
"percentile": "0.47634"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-28241\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-11-06T05:15:10.973\",\"lastModified\":\"2024-11-21T05:22:30.190\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.\"},{\"lang\":\"es\",\"value\":\"libmaxminddb versiones anteriores a 1.4.3, presenta una lectura excesiva del b\u00fafer en la regi\u00f3n heap de la memoria en la funci\u00f3n dump_entry_data_list en el archivo maxminddb.c\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:maxmind:libmaxminddb:*:*:*:*:*:*:*:*\",\"versionEndExc
luding\":\"1.4.3\",\"matchCriteriaId\":\"F4E42653-2CF4-45A4-ACBF-61E211FCDD9E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"}]}]}],\"references\":[{\"url\":\"https://github.com/maxmind/libmaxminddb/compare/1.4.2...1.4.3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/maxmind/libmaxminddb/issues/236\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/maxmind/libmaxminddb/pull/237\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/11/msg00019.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WUK4UCOB5FJVK36E22IRLEYGKMUWGBG/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELTOHZBPO6XVUVADP4DPZBNQCPTYOQBV/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202011-15\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/maxmind/libmaxminddb/compare/1.4.2...1.4.3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party 
Advisory\"]},{\"url\":\"https://github.com/maxmind/libmaxminddb/issues/236\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/maxmind/libmaxminddb/pull/237\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/11/msg00019.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WUK4UCOB5FJVK36E22IRLEYGKMUWGBG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELTOHZBPO6XVUVADP4DPZBNQCPTYOQBV/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202011-15\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
alsa-2024:0768
Vulnerability from osv_almalinux
The libmaxminddb package contains the MaxMind DB library.
Security Fix(es):
- libmaxminddb: improper initialization in dump_entry_data_list() in maxminddb.c (CVE-2020-28241)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libmaxminddb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.0-10.el8_9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libmaxminddb-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.0-10.el8_9.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The libmaxminddb package contains the MaxMind DB library.\n\nSecurity Fix(es):\n\n* libmaxminddb: improper initialization in dump_entry_data_list() in maxminddb.c (CVE-2020-28241)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2024:0768",
"modified": "2024-02-12T10:04:42Z",
"published": "2024-02-12T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:0768"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2020-28241"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/1895379"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2024-0768.html"
}
],
"related": [
"CVE-2020-28241"
],
"summary": "Moderate: libmaxminddb security update"
}
bit-libmaxminddb-2020-28241
Vulnerability from bitnami_vulndb
libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "libmaxminddb",
"purl": "pkg:bitnami/libmaxminddb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.3"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2020-28241"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:maxmind:libmaxminddb:*:*:*:*:*:*:*:*"
],
"severity": "Medium"
},
"details": "libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.",
"id": "BIT-libmaxminddb-2020-28241",
"modified": "2025-04-03T14:40:37.652Z",
"published": "2024-03-06T10:55:16.701Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/maxmind/libmaxminddb/compare/1.4.2...1.4.3"
},
{
"type": "WEB",
"url": "https://github.com/maxmind/libmaxminddb/issues/236"
},
{
"type": "WEB",
"url": "https://github.com/maxmind/libmaxminddb/pull/237"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00019.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WUK4UCOB5FJVK36E22IRLEYGKMUWGBG/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELTOHZBPO6XVUVADP4DPZBNQCPTYOQBV/"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202011-15"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28241"
}
],
"schema_version": "1.5.0"
}
CERTFR-2024-AVI-0305
Vulnerability from certfr_avis - Published: 2024-04-12 - Updated: 2024-04-12
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- Sterling Connect:Direct pour UNIX versions 6.1.0.x antérieures à 6.1.0.4.iFix104
- Sterling Connect:Direct pour UNIX versions 6.0.0.x antérieures à 6.0.0.2.iFix163
- Sterling Connect:Direct FTP+ versions antérieures à 1.3.0 sans le correctif de sécurité iFix026
- QRadar App SDK versions 2.2.x antérieures à 2.2.1
- QRadar Deployment Intelligence App versions antérieures à 3.0.13
- Cloud Pak for Security versions 1.10.x.x antérieures à 1.10.20.0
- QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP8 IF01
- QRadar Suite Software versions 1.10.12.x antérieures à 1.10.20.0
- WebSphere Application Server Liberty versions postérieures à 21.0.0.2 et antérieures à 24.0.0.4
- WebSphere Application Server versions 9.x antérieures à 9.0.5.19
- WebSphere Application Server versions postérieures à 8.5.5.2 antérieures à 8.5.5.26
- Sterling B2B Integrator versions 6.0.x.x à 6.1.x.x antérieures à 6.1.2.5
- Sterling B2B Integrator versions 6.2.x.x antérieures à 6.2.0.1
Se référer aux bulletins de l'éditeur pour les versions des fichiers vulnérables (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eSterling Connect:Direct pour UNIX versions 6.1.0.x ant\u00e9rieures \u00e0\u00a06.1.0.4.iFix104\u003c/li\u003e \u003cli\u003eSterling Connect:Direct pour UNIX versions 6.0.0.x ant\u00e9rieures \u00e0 6.0.0.2.iFix163\u003c/li\u003e \u003cli\u003eSterling Connect:Direct FTP+ versions ant\u00e9rieures \u00e0 1.3.0 sans le correctif de s\u00e9curit\u00e9 iFix026\u003c/li\u003e \u003cli\u003eQRadar App SDK versions 2.2.x ant\u00e9rieures \u00e0 2.2.1\u003c/li\u003e \u003cli\u003eQRadar Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.13\u003c/li\u003e \u003cli\u003eCloud Pak for Security versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.20.0\u003c/li\u003e \u003cli\u003eQRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP8 IF01\u003c/li\u003e \u003cli\u003eQRadar Suite Software versions 1.10.12.x ant\u00e9rieures \u00e0 1.10.20.0\u003c/li\u003e \u003cli\u003eWebSphere Application Server Liberty versions post\u00e9rieures \u00e0 21.0.0.2 et ant\u00e9rieures \u00e0 24.0.0.4\u003c/li\u003e \u003cli\u003eWebSphere Application Server versions 9.x ant\u00e9rieures \u00e0 9.0.5.19\u003c/li\u003e \u003cli\u003eWebSphere Application Server versions post\u00e9rieures \u00e0 8.5.5.2 ant\u00e9rieures \u00e0 8.5.5.26\u003c/li\u003e \u003cli\u003eSterling B2B Integrator versions 6.0.x.x \u00e0 6.1.x.x ant\u00e9rieures \u00e0 6.1.2.5\u003c/li\u003e \u003cli\u003eSterling B2B Integrator versions 6.2.x.x ant\u00e9rieures \u00e0 6.2.0.1\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eSe r\u00e9f\u00e9rer aux bulletin de l\u0027\u00e9diteur pour les versions des fichiers vuln\u00e9rables (cf. section Documentation).\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2022-48564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48564"
},
{
"name": "CVE-2024-1597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"name": "CVE-2023-51385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"name": "CVE-2023-52426",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52426"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2023-4091",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4091"
},
{
"name": "CVE-2023-50782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2024-22361",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22361"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2021-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2023-42669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42669"
},
{
"name": "CVE-2023-2828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-20569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20569"
},
{
"name": "CVE-2012-0881",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0881"
},
{
"name": "CVE-2019-13224",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13224"
},
{
"name": "CVE-2023-34968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34968"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2019-19204",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19204"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2021-22696",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22696"
},
{
"name": "CVE-2023-42795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42795"
},
{
"name": "CVE-2023-28487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28487"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2023-6135",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6135"
},
{
"name": "CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2020-28241",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28241"
},
{
"name": "CVE-2023-45648",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45648"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2022-46363",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46363"
},
{
"name": "CVE-2023-34967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34967"
},
{
"name": "CVE-2021-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2023-3341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
},
{
"name": "CVE-2021-41043",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41043"
},
{
"name": "CVE-2019-16163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
},
{
"name": "CVE-2023-1786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1786"
},
{
"name": "CVE-2024-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0553"
},
{
"name": "CVE-2021-30468",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30468"
},
{
"name": "CVE-2024-26130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26130"
},
{
"name": "CVE-2019-19203",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19203"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2022-48560",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48560"
},
{
"name": "CVE-2017-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
},
{
"name": "CVE-2023-42794",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42794"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2022-3094",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3094"
},
{
"name": "CVE-2022-41721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41721"
},
{
"name": "CVE-2022-42920",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
},
{
"name": "CVE-2022-23437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23437"
},
{
"name": "CVE-2023-42465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42465"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2021-33194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33194"
},
{
"name": "CVE-2024-20932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20932"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2011-4969",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4969"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2021-35938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
},
{
"name": "CVE-2022-46329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46329"
},
{
"name": "CVE-2023-34966",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34966"
},
{
"name": "CVE-2023-26604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26604"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2023-46589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46589"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2023-39615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
},
{
"name": "CVE-2017-7501",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7501"
},
{
"name": "CVE-2023-28486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28486"
},
{
"name": "CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"name": "CVE-2023-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5388"
},
{
"name": "CVE-2012-6708",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6708"
},
{
"name": "CVE-2022-2127",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2127"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
},
{
"name": "CVE-2019-19012",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19012"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2024-22234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22234"
}
],
"initial_release_date": "2024-04-12T00:00:00",
"last_revision_date": "2024-04-12T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0305",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147813 du 09 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147813"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148062 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148062"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147943 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147943"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147903 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147903"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148094 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148094"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148151 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148151"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148066 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148066"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148158 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148158"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147727 du 08 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147727"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148065 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148065"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148068 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148068"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147728 du 08 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147728"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147944 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147944"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147726 du 08 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147726"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147923 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147923"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147812 du 09 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147812"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148063 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148063"
}
]
}
CERTFR-2024-AVI-0506
Vulnerability from certfr_avis - Published: 2024-06-19 - Updated: 2024-06-19
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| Juniper Networks | Secure Analytics | Secure Analytics versions antérieures à 7.5.0 UP8 IF03 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Secure Analytics versions ant\u00e9rieures \u00e0 7.5.0 UP8 IF03",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-1382",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1382"
},
{
"name": "CVE-2023-4732",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4732"
},
{
"name": "CVE-2022-48564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48564"
},
{
"name": "CVE-2019-15505",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15505"
},
{
"name": "CVE-2023-52448",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52448"
},
{
"name": "CVE-2023-3138",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3138"
},
{
"name": "CVE-2023-46813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46813"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2023-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1838"
},
{
"name": "CVE-2023-40551",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40551"
},
{
"name": "CVE-2022-45934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45934"
},
{
"name": "CVE-2023-28328",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28328"
},
{
"name": "CVE-2023-51043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51043"
},
{
"name": "CVE-2023-51385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"name": "CVE-2023-5633",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5633"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2022-38457",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38457"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-45863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45863"
},
{
"name": "CVE-2022-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26691"
},
{
"name": "CVE-2023-6915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6915"
},
{
"name": "CVE-2023-5178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5178"
},
{
"name": "CVE-2024-26671",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26671"
},
{
"name": "CVE-2023-50868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50868"
},
{
"name": "CVE-2023-6536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6536"
},
{
"name": "CVE-2023-37453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37453"
},
{
"name": "CVE-2023-23455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23455"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2020-10001",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10001"
},
{
"name": "CVE-2024-0646",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0646"
},
{
"name": "CVE-2023-4091",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4091"
},
{
"name": "CVE-2023-40283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40283"
},
{
"name": "CVE-2022-45884",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45884"
},
{
"name": "CVE-2023-52489",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52489"
},
{
"name": "CVE-2007-4559",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4559"
},
{
"name": "CVE-2023-33951",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33951"
},
{
"name": "CVE-2023-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2163"
},
{
"name": "CVE-2023-4133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4133"
},
{
"name": "CVE-2022-42895",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42895"
},
{
"name": "CVE-2023-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4244"
},
{
"name": "CVE-2022-40133",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40133"
},
{
"name": "CVE-2021-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
},
{
"name": "CVE-2023-39193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39193"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2024-22243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22243"
},
{
"name": "CVE-2023-45862",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45862"
},
{
"name": "CVE-2023-1989",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1989"
},
{
"name": "CVE-2020-3898",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3898"
},
{
"name": "CVE-2023-51779",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51779"
},
{
"name": "CVE-2023-1855",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1855"
},
{
"name": "CVE-2024-28784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28784"
},
{
"name": "CVE-2022-45869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45869"
},
{
"name": "CVE-2023-2513",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2513"
},
{
"name": "CVE-2023-4408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4408"
},
{
"name": "CVE-2023-42669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42669"
},
{
"name": "CVE-2023-2828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-20569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20569"
},
{
"name": "CVE-2023-50961",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50961"
},
{
"name": "CVE-2023-4206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4206"
},
{
"name": "CVE-2023-52340",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52340"
},
{
"name": "CVE-2023-6817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6817"
},
{
"name": "CVE-2023-31084",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31084"
},
{
"name": "CVE-2024-26609",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26609"
},
{
"name": "CVE-2022-45919",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45919"
},
{
"name": "CVE-2019-13224",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13224"
},
{
"name": "CVE-2022-41858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41858"
},
{
"name": "CVE-2023-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3611"
},
{
"name": "CVE-2023-4128",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4128"
},
{
"name": "CVE-2023-34968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34968"
},
{
"name": "CVE-2023-31436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31436"
},
{
"name": "CVE-2001-1267",
"url": "https://www.cve.org/CVERecord?id=CVE-2001-1267"
},
{
"name": "CVE-2023-1074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1074"
},
{
"name": "CVE-2019-19204",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19204"
},
{
"name": "CVE-2023-42753",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42753"
},
{
"name": "CVE-2023-4921",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4921"
},
{
"name": "CVE-2024-22262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22262"
},
{
"name": "CVE-2023-33203",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33203"
},
{
"name": "CVE-2023-5981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5981"
},
{
"name": "CVE-2023-3812",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3812"
},
{
"name": "CVE-2023-32360",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32360"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2023-39189",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39189"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2024-27269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27269"
},
{
"name": "CVE-2023-38409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38409"
},
{
"name": "CVE-2021-43975",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43975"
},
{
"name": "CVE-2023-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4207"
},
{
"name": "CVE-2018-19787",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19787"
},
{
"name": "CVE-2023-28487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28487"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2023-6135",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6135"
},
{
"name": "CVE-2023-6356",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6356"
},
{
"name": "CVE-2023-39198",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39198"
},
{
"name": "CVE-2024-1488",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1488"
},
{
"name": "CVE-2023-1252",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1252"
},
{
"name": "CVE-2021-3753",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3753"
},
{
"name": "CVE-2022-3545",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3545"
},
{
"name": "CVE-2020-28241",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28241"
},
{
"name": "CVE-2023-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2176"
},
{
"name": "CVE-2023-2162",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2162"
},
{
"name": "CVE-2023-1079",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1079"
},
{
"name": "CVE-2022-36402",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36402"
},
{
"name": "CVE-2023-33952",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33952"
},
{
"name": "CVE-2023-32324",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32324"
},
{
"name": "CVE-2014-3146",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3146"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2023-3758",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3758"
},
{
"name": "CVE-2023-3772",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3772"
},
{
"name": "CVE-2023-34967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34967"
},
{
"name": "CVE-2022-4744",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4744"
},
{
"name": "CVE-2023-40546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40546"
},
{
"name": "CVE-2021-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
},
{
"name": "CVE-2023-3161",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3161"
},
{
"name": "CVE-2023-28464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28464"
},
{
"name": "CVE-2023-3341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
},
{
"name": "CVE-2023-3567",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3567"
},
{
"name": "CVE-2021-41043",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41043"
},
{
"name": "CVE-2023-35824",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35824"
},
{
"name": "CVE-2023-45871",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45871"
},
{
"name": "CVE-2023-1998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1998"
},
{
"name": "CVE-2023-28772",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28772"
},
{
"name": "CVE-2023-52580",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52580"
},
{
"name": "CVE-2022-40982",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40982"
},
{
"name": "CVE-2019-16163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
},
{
"name": "CVE-2023-1786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1786"
},
{
"name": "CVE-2024-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0553"
},
{
"name": "CVE-2023-1075",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1075"
},
{
"name": "CVE-2023-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3609"
},
{
"name": "CVE-2023-4155",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4155"
},
{
"name": "CVE-2023-4208",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4208"
},
{
"name": "CVE-2023-35823",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35823"
},
{
"name": "CVE-2023-52574",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52574"
},
{
"name": "CVE-2022-3565",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3565"
},
{
"name": "CVE-2023-31083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31083"
},
{
"name": "CVE-2023-26545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26545"
},
{
"name": "CVE-2022-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3640"
},
{
"name": "CVE-2023-6176",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6176"
},
{
"name": "CVE-2022-45887",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45887"
},
{
"name": "CVE-2023-6535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6535"
},
{
"name": "CVE-2023-25012",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25012"
},
{
"name": "CVE-2022-0500",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0500"
},
{
"name": "CVE-2024-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0841"
},
{
"name": "CVE-2019-19203",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19203"
},
{
"name": "CVE-2023-1118",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1118"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2020-25656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25656"
},
{
"name": "CVE-2022-48560",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48560"
},
{
"name": "CVE-2017-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
},
{
"name": "CVE-2022-3594",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3594"
},
{
"name": "CVE-2023-51780",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51780"
},
{
"name": "CVE-2023-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52434"
},
{
"name": "CVE-2023-34241",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34241"
},
{
"name": "CVE-2022-3094",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3094"
},
{
"name": "CVE-2024-25742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25742"
},
{
"name": "CVE-2024-25743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25743"
},
{
"name": "CVE-2022-38096",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38096"
},
{
"name": "CVE-2023-4622",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4622"
},
{
"name": "CVE-2019-8696",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8696"
},
{
"name": "CVE-2024-26602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26602"
},
{
"name": "CVE-2023-3141",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3141"
},
{
"name": "CVE-2021-4204",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4204"
},
{
"name": "CVE-2022-28388",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28388"
},
{
"name": "CVE-2023-30456",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30456"
},
{
"name": "CVE-2023-42465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42465"
},
{
"name": "CVE-2023-39192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39192"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2023-6606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6606"
},
{
"name": "CVE-2023-39194",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39194"
},
{
"name": "CVE-2023-52620",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52620"
},
{
"name": "CVE-2023-24023",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24023"
},
{
"name": "CVE-2023-6932",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6932"
},
{
"name": "CVE-2023-0458",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0458"
},
{
"name": "CVE-2023-1073",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1073"
},
{
"name": "CVE-2023-3212",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3212"
},
{
"name": "CVE-2021-33631",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33631"
},
{
"name": "CVE-2023-50387",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50387"
},
{
"name": "CVE-2023-40549",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40549"
},
{
"name": "CVE-2023-1513",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1513"
},
{
"name": "CVE-2022-48624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48624"
},
{
"name": "CVE-2011-4969",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4969"
},
{
"name": "CVE-2021-35938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
},
{
"name": "CVE-2023-40548",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40548"
},
{
"name": "CVE-2023-0597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0597"
},
{
"name": "CVE-2024-22259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22259"
},
{
"name": "CVE-2022-46329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46329"
},
{
"name": "CVE-2023-34966",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34966"
},
{
"name": "CVE-2023-26604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26604"
},
{
"name": "CVE-2023-6546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6546"
},
{
"name": "CVE-2023-7192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7192"
},
{
"name": "CVE-2023-4132",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4132"
},
{
"name": "CVE-2022-26377",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26377"
},
{
"name": "CVE-2023-52581",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52581"
},
{
"name": "CVE-2023-40550",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40550"
},
{
"name": "CVE-2019-13631",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13631"
},
{
"name": "CVE-2024-1086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1086"
},
{
"name": "CVE-2023-1206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1206"
},
{
"name": "CVE-2024-0565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0565"
},
{
"name": "CVE-2019-8675",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8675"
},
{
"name": "CVE-2023-4623",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4623"
},
{
"name": "CVE-2023-51042",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51042"
},
{
"name": "CVE-2023-42755",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42755"
},
{
"name": "CVE-2023-0590",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0590"
},
{
"name": "CVE-2023-39615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
},
{
"name": "CVE-2017-7501",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7501"
},
{
"name": "CVE-2023-28486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28486"
},
{
"name": "CVE-2023-50960",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50960"
},
{
"name": "CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"name": "CVE-2023-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5388"
},
{
"name": "CVE-2023-3268",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3268"
},
{
"name": "CVE-2023-25775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25775"
},
{
"name": "CVE-2012-6708",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6708"
},
{
"name": "CVE-2022-2127",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2127"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
},
{
"name": "CVE-2023-5717",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5717"
},
{
"name": "CVE-2019-19012",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19012"
},
{
"name": "CVE-2020-27783",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27783"
},
{
"name": "CVE-2023-6622",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6622"
},
{
"name": "CVE-2021-43818",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43818"
},
{
"name": "CVE-2022-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23222"
},
{
"name": "CVE-2023-6121",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6121"
},
{
"name": "CVE-2021-43618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43618"
},
{
"name": "CVE-2023-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2166"
},
{
"name": "CVE-2023-1192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1192"
},
{
"name": "CVE-2023-40547",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40547"
},
{
"name": "CVE-2023-6931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6931"
},
{
"name": "CVE-2023-6610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6610"
},
{
"name": "CVE-2023-42754",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42754"
}
],
"initial_release_date": "2024-06-19T00:00:00",
"last_revision_date": "2024-06-19T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0506",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-06-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Secure Analytics",
"vendor_advisories": [
{
"published_at": "2024-06-19",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82681",
"url": "https://supportportal.juniper.net/s/article/On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-UP8-IF03"
}
]
}
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://github.com/maxmind/libmaxminddb/pull/237
| Name | Maxmind Maxmind Libmaxminddb <1.4.3 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-28241",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-28241"
}
},
"description": "Maxmind Libmaxminddb\u662f\u7f8e\u56fdMaxmind\u516c\u53f8\u7684\u4e00\u4e2a\u7528\u4e8e\u5904\u7406Maxmind\u7c7b\u578b\u6587\u4ef6\u7684C\u4ee3\u7801\u5e93\u3002\u8be5\u4ee3\u7801\u5e93\u7528\u4e8e\u5904\u7406Maxmind DB\u6587\u4ef6,\u5305\u62ec\u8be5\u683c\u5f0f\u7684geo-ip\u6570\u636e\uff0cgeo-ip\u53ef\u7528\u4e8e\u68c0\u7d22\u76ee\u6807IP\u4fe1\u606f\u3002\n\nlibmaxminddb 1.4.3\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728maxminddb.c\u4e2d\u7684\u8f6c\u50a8\u6761\u76ee\u6570\u636e\u5217\u8868\u4e2d\u6709\u4e00\u4e2a\u57fa\u4e8e\u5806\u7684\u7f13\u51b2\u533aoverread\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1ahttps://github.com/maxmind/libmaxminddb/pull/237",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-68258",
"openTime": "2020-12-01",
"patchDescription": "Maxmind Libmaxminddb\u662f\u7f8e\u56fdMaxmind\u516c\u53f8\u7684\u4e00\u4e2a\u7528\u4e8e\u5904\u7406Maxmind\u7c7b\u578b\u6587\u4ef6\u7684C\u4ee3\u7801\u5e93\u3002\u8be5\u4ee3\u7801\u5e93\u7528\u4e8e\u5904\u7406Maxmind DB\u6587\u4ef6,\u5305\u62ec\u8be5\u683c\u5f0f\u7684geo-ip\u6570\u636e\uff0cgeo-ip\u53ef\u7528\u4e8e\u68c0\u7d22\u76ee\u6807IP\u4fe1\u606f\u3002\r\n\r\nlibmaxminddb 1.4.3\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728maxminddb.c\u4e2d\u7684\u8f6c\u50a8\u6761\u76ee\u6570\u636e\u5217\u8868\u4e2d\u6709\u4e00\u4e2a\u57fa\u4e8e\u5806\u7684\u7f13\u51b2\u533aoverread\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Maxmind Libmaxminddb\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Maxmind Maxmind Libmaxminddb \u003c1.4.3"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-28241",
"serverity": "\u4e2d",
"submitTime": "2020-11-10",
"title": "Maxmind Libmaxminddb\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}
FKIE_CVE-2020-28241
Vulnerability from fkie_nvd - Published: 2020-11-06 05:15 - Updated: 2024-11-21 05:22
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/maxmind/libmaxminddb/compare/1.4.2...1.4.3 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/maxmind/libmaxminddb/issues/236 | Exploit, Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/maxmind/libmaxminddb/pull/237 | Patch, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/11/msg00019.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WUK4UCOB5FJVK36E22IRLEYGKMUWGBG/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELTOHZBPO6XVUVADP4DPZBNQCPTYOQBV/ | ||
| cve@mitre.org | https://security.gentoo.org/glsa/202011-15 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/maxmind/libmaxminddb/compare/1.4.2...1.4.3 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/maxmind/libmaxminddb/issues/236 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/maxmind/libmaxminddb/pull/237 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/11/msg00019.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WUK4UCOB5FJVK36E22IRLEYGKMUWGBG/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELTOHZBPO6XVUVADP4DPZBNQCPTYOQBV/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202011-15 | Third Party Advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| maxmind | libmaxminddb | * | |
| debian | debian_linux | 9.0 | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:maxmind:libmaxminddb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E42653-2CF4-45A4-ACBF-61E211FCDD9E",
"versionEndExcluding": "1.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c."
},
{
"lang": "es",
"value": "libmaxminddb versiones anteriores a 1.4.3, presenta una lectura excesiva del b\u00fafer en la regi\u00f3n heap de la memoria en la funci\u00f3n dump_entry_data_list en el archivo maxminddb.c"
}
],
"id": "CVE-2020-28241",
"lastModified": "2024-11-21T05:22:30.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-06T05:15:10.973",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/maxmind/libmaxminddb/compare/1.4.2...1.4.3"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/maxmind/libmaxminddb/issues/236"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/maxmind/libmaxminddb/pull/237"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00019.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WUK4UCOB5FJVK36E22IRLEYGKMUWGBG/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELTOHZBPO6XVUVADP4DPZBNQCPTYOQBV/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202011-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/maxmind/libmaxminddb/compare/1.4.2...1.4.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/maxmind/libmaxminddb/issues/236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/maxmind/libmaxminddb/pull/237"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WUK4UCOB5FJVK36E22IRLEYGKMUWGBG/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELTOHZBPO6XVUVADP4DPZBNQCPTYOQBV/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202011-15"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-8H2Q-PRR9-7WH9
Vulnerability from github – Published: 2022-05-24 17:33 – Updated: 2022-05-24 17:33
libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.
{
"affected": [],
"aliases": [
"CVE-2020-28241"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-06T05:15:00Z",
"severity": "MODERATE"
},
"details": "libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.",
"id": "GHSA-8h2q-prr9-7wh9",
"modified": "2022-05-24T17:33:20Z",
"published": "2022-05-24T17:33:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28241"
},
{
"type": "WEB",
"url": "https://github.com/maxmind/libmaxminddb/issues/236"
},
{
"type": "WEB",
"url": "https://github.com/maxmind/libmaxminddb/pull/237"
},
{
"type": "WEB",
"url": "https://github.com/maxmind/libmaxminddb/compare/1.4.2...1.4.3"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00019.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WUK4UCOB5FJVK36E22IRLEYGKMUWGBG"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ELTOHZBPO6XVUVADP4DPZBNQCPTYOQBV"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202011-15"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2020-28241
Vulnerability from gsd - Updated: 2023-12-13 01:22
{
"GSD": {
"alias": "CVE-2020-28241",
"description": "libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.",
"id": "GSD-2020-28241",
"references": [
"https://www.suse.com/security/cve/CVE-2020-28241.html",
"https://ubuntu.com/security/CVE-2020-28241",
"https://advisories.mageia.org/CVE-2020-28241.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-28241"
],
"details": "libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.",
"id": "GSD-2020-28241",
"modified": "2023-12-13T01:22:01.378965Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/maxmind/libmaxminddb/issues/236",
"refsource": "MISC",
"url": "https://github.com/maxmind/libmaxminddb/issues/236"
},
{
"name": "https://github.com/maxmind/libmaxminddb/pull/237",
"refsource": "MISC",
"url": "https://github.com/maxmind/libmaxminddb/pull/237"
},
{
"name": "https://github.com/maxmind/libmaxminddb/compare/1.4.2...1.4.3",
"refsource": "MISC",
"url": "https://github.com/maxmind/libmaxminddb/compare/1.4.2...1.4.3"
},
{
"name": "[debian-lts-announce] 20201110 [SECURITY] [DLA 2445-1] libmaxminddb security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00019.html"
},
{
"name": "GLSA-202011-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202011-15"
},
{
"name": "FEDORA-2020-1fb1785fa1",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ELTOHZBPO6XVUVADP4DPZBNQCPTYOQBV/"
},
{
"name": "FEDORA-2020-8a8f8b244f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WUK4UCOB5FJVK36E22IRLEYGKMUWGBG/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:maxmind:libmaxminddb:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.4.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28241"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/maxmind/libmaxminddb/issues/236",
"refsource": "MISC",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/maxmind/libmaxminddb/issues/236"
},
{
"name": "https://github.com/maxmind/libmaxminddb/pull/237",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/maxmind/libmaxminddb/pull/237"
},
{
"name": "https://github.com/maxmind/libmaxminddb/compare/1.4.2...1.4.3",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/maxmind/libmaxminddb/compare/1.4.2...1.4.3"
},
{
"name": "[debian-lts-announce] 20201110 [SECURITY] [DLA 2445-1] libmaxminddb security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00019.html"
},
{
"name": "GLSA-202011-15",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202011-15"
},
{
"name": "FEDORA-2020-8a8f8b244f",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WUK4UCOB5FJVK36E22IRLEYGKMUWGBG/"
},
{
"name": "FEDORA-2020-1fb1785fa1",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ELTOHZBPO6XVUVADP4DPZBNQCPTYOQBV/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-01-06T14:18Z",
"publishedDate": "2020-11-06T05:15Z"
}
}
}
RHSA-2024:0750
Vulnerability from csaf_redhat - Published: 2024-02-08 18:08 - Updated: 2026-03-18 02:32
An improper initialization issue was found in libmaxminddb. A remote user could exploit this flaw by sending a specially crafted MaxMind DB file that, when parsed by an application linked to libmaxminddb, would possibly crash the application, resulting in a denial of service condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_8.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_8.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_8.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_8.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_8.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_8.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_8.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_8.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_8.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_8.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_8.1.x86_64 | — |
Vendor Fix
fix
|
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2024:0750 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1895379 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2020-28241 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1895379 | external |
| https://www.cve.org/CVERecord?id=CVE-2020-28241 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2020-28241 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libmaxminddb is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libmaxminddb package contains the MaxMind DB library.\n\nSecurity Fix(es):\n\n* libmaxminddb: improper initialization in dump_entry_data_list() in maxminddb.c (CVE-2020-28241)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:0750",
"url": "https://access.redhat.com/errata/RHSA-2024:0750"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1895379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895379"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0750.json"
}
],
"title": "Red Hat Security Advisory: libmaxminddb security update",
"tracking": {
"current_release_date": "2026-03-18T02:32:48+00:00",
"generator": {
"date": "2026-03-18T02:32:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2024:0750",
"initial_release_date": "2024-02-08T18:08:29+00:00",
"revision_history": [
{
"date": "2024-02-08T18:08:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-02-08T18:08:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T02:32:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libmaxminddb-0:1.2.0-10.el8_8.1.src",
"product": {
"name": "libmaxminddb-0:1.2.0-10.el8_8.1.src",
"product_id": "libmaxminddb-0:1.2.0-10.el8_8.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb@1.2.0-10.el8_8.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libmaxminddb-0:1.2.0-10.el8_8.1.aarch64",
"product": {
"name": "libmaxminddb-0:1.2.0-10.el8_8.1.aarch64",
"product_id": "libmaxminddb-0:1.2.0-10.el8_8.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb@1.2.0-10.el8_8.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libmaxminddb-devel-0:1.2.0-10.el8_8.1.aarch64",
"product": {
"name": "libmaxminddb-devel-0:1.2.0-10.el8_8.1.aarch64",
"product_id": "libmaxminddb-devel-0:1.2.0-10.el8_8.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb-devel@1.2.0-10.el8_8.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.aarch64",
"product": {
"name": "libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.aarch64",
"product_id": "libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb-debugsource@1.2.0-10.el8_8.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.aarch64",
"product": {
"name": "libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.aarch64",
"product_id": "libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb-debuginfo@1.2.0-10.el8_8.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libmaxminddb-0:1.2.0-10.el8_8.1.ppc64le",
"product": {
"name": "libmaxminddb-0:1.2.0-10.el8_8.1.ppc64le",
"product_id": "libmaxminddb-0:1.2.0-10.el8_8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb@1.2.0-10.el8_8.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libmaxminddb-devel-0:1.2.0-10.el8_8.1.ppc64le",
"product": {
"name": "libmaxminddb-devel-0:1.2.0-10.el8_8.1.ppc64le",
"product_id": "libmaxminddb-devel-0:1.2.0-10.el8_8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb-devel@1.2.0-10.el8_8.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.ppc64le",
"product": {
"name": "libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.ppc64le",
"product_id": "libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb-debugsource@1.2.0-10.el8_8.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.ppc64le",
"product": {
"name": "libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.ppc64le",
"product_id": "libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb-debuginfo@1.2.0-10.el8_8.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libmaxminddb-0:1.2.0-10.el8_8.1.i686",
"product": {
"name": "libmaxminddb-0:1.2.0-10.el8_8.1.i686",
"product_id": "libmaxminddb-0:1.2.0-10.el8_8.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb@1.2.0-10.el8_8.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libmaxminddb-devel-0:1.2.0-10.el8_8.1.i686",
"product": {
"name": "libmaxminddb-devel-0:1.2.0-10.el8_8.1.i686",
"product_id": "libmaxminddb-devel-0:1.2.0-10.el8_8.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb-devel@1.2.0-10.el8_8.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.i686",
"product": {
"name": "libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.i686",
"product_id": "libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb-debugsource@1.2.0-10.el8_8.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.i686",
"product": {
"name": "libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.i686",
"product_id": "libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb-debuginfo@1.2.0-10.el8_8.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libmaxminddb-0:1.2.0-10.el8_8.1.x86_64",
"product": {
"name": "libmaxminddb-0:1.2.0-10.el8_8.1.x86_64",
"product_id": "libmaxminddb-0:1.2.0-10.el8_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb@1.2.0-10.el8_8.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libmaxminddb-devel-0:1.2.0-10.el8_8.1.x86_64",
"product": {
"name": "libmaxminddb-devel-0:1.2.0-10.el8_8.1.x86_64",
"product_id": "libmaxminddb-devel-0:1.2.0-10.el8_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb-devel@1.2.0-10.el8_8.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.x86_64",
"product": {
"name": "libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.x86_64",
"product_id": "libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb-debugsource@1.2.0-10.el8_8.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.x86_64",
"product": {
"name": "libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.x86_64",
"product_id": "libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb-debuginfo@1.2.0-10.el8_8.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libmaxminddb-0:1.2.0-10.el8_8.1.s390x",
"product": {
"name": "libmaxminddb-0:1.2.0-10.el8_8.1.s390x",
"product_id": "libmaxminddb-0:1.2.0-10.el8_8.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb@1.2.0-10.el8_8.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libmaxminddb-devel-0:1.2.0-10.el8_8.1.s390x",
"product": {
"name": "libmaxminddb-devel-0:1.2.0-10.el8_8.1.s390x",
"product_id": "libmaxminddb-devel-0:1.2.0-10.el8_8.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb-devel@1.2.0-10.el8_8.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.s390x",
"product": {
"name": "libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.s390x",
"product_id": "libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb-debugsource@1.2.0-10.el8_8.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.s390x",
"product": {
"name": "libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.s390x",
"product_id": "libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb-debuginfo@1.2.0-10.el8_8.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-0:1.2.0-10.el8_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_8.1.aarch64"
},
"product_reference": "libmaxminddb-0:1.2.0-10.el8_8.1.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-0:1.2.0-10.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_8.1.i686"
},
"product_reference": "libmaxminddb-0:1.2.0-10.el8_8.1.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-0:1.2.0-10.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_8.1.ppc64le"
},
"product_reference": "libmaxminddb-0:1.2.0-10.el8_8.1.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-0:1.2.0-10.el8_8.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_8.1.s390x"
},
"product_reference": "libmaxminddb-0:1.2.0-10.el8_8.1.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-0:1.2.0-10.el8_8.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_8.1.src"
},
"product_reference": "libmaxminddb-0:1.2.0-10.el8_8.1.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-0:1.2.0-10.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_8.1.x86_64"
},
"product_reference": "libmaxminddb-0:1.2.0-10.el8_8.1.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.aarch64"
},
"product_reference": "libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.i686"
},
"product_reference": "libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.ppc64le"
},
"product_reference": "libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.s390x"
},
"product_reference": "libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.x86_64"
},
"product_reference": "libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.aarch64"
},
"product_reference": "libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.i686"
},
"product_reference": "libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.ppc64le"
},
"product_reference": "libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.s390x"
},
"product_reference": "libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.x86_64"
},
"product_reference": "libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-devel-0:1.2.0-10.el8_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_8.1.aarch64"
},
"product_reference": "libmaxminddb-devel-0:1.2.0-10.el8_8.1.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-devel-0:1.2.0-10.el8_8.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_8.1.i686"
},
"product_reference": "libmaxminddb-devel-0:1.2.0-10.el8_8.1.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-devel-0:1.2.0-10.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_8.1.ppc64le"
},
"product_reference": "libmaxminddb-devel-0:1.2.0-10.el8_8.1.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-devel-0:1.2.0-10.el8_8.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_8.1.s390x"
},
"product_reference": "libmaxminddb-devel-0:1.2.0-10.el8_8.1.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-devel-0:1.2.0-10.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_8.1.x86_64"
},
"product_reference": "libmaxminddb-devel-0:1.2.0-10.el8_8.1.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28241",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2020-11-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1895379"
}
],
"notes": [
{
"category": "description",
"text": "An improper initialization issue was found in libmaxminddb. A remote user could exploit this flaw by sending a specially crafted MaxMind DB file that, when parsed by an application linked to libmaxminddb, would possibly crash the application, resulting in a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libmaxminddb: improper initialization in dump_entry_data_list() in maxminddb.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_8.1.aarch64",
"AppStream-8.8.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_8.1.i686",
"AppStream-8.8.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_8.1.s390x",
"AppStream-8.8.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_8.1.src",
"AppStream-8.8.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_8.1.x86_64",
"AppStream-8.8.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.aarch64",
"AppStream-8.8.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.i686",
"AppStream-8.8.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.s390x",
"AppStream-8.8.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.x86_64",
"AppStream-8.8.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.aarch64",
"AppStream-8.8.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.i686",
"AppStream-8.8.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.s390x",
"AppStream-8.8.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.x86_64",
"AppStream-8.8.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_8.1.aarch64",
"AppStream-8.8.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_8.1.i686",
"AppStream-8.8.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_8.1.s390x",
"AppStream-8.8.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_8.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28241"
},
{
"category": "external",
"summary": "RHBZ#1895379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895379"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28241",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28241"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28241",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28241"
}
],
"release_date": "2020-08-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-08T18:08:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_8.1.aarch64",
"AppStream-8.8.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_8.1.i686",
"AppStream-8.8.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_8.1.s390x",
"AppStream-8.8.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_8.1.src",
"AppStream-8.8.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_8.1.x86_64",
"AppStream-8.8.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.aarch64",
"AppStream-8.8.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.i686",
"AppStream-8.8.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.s390x",
"AppStream-8.8.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.x86_64",
"AppStream-8.8.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.aarch64",
"AppStream-8.8.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.i686",
"AppStream-8.8.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.s390x",
"AppStream-8.8.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.x86_64",
"AppStream-8.8.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_8.1.aarch64",
"AppStream-8.8.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_8.1.i686",
"AppStream-8.8.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_8.1.s390x",
"AppStream-8.8.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_8.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0750"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_8.1.aarch64",
"AppStream-8.8.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_8.1.i686",
"AppStream-8.8.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_8.1.s390x",
"AppStream-8.8.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_8.1.src",
"AppStream-8.8.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_8.1.x86_64",
"AppStream-8.8.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.aarch64",
"AppStream-8.8.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.i686",
"AppStream-8.8.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.s390x",
"AppStream-8.8.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_8.1.x86_64",
"AppStream-8.8.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.aarch64",
"AppStream-8.8.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.i686",
"AppStream-8.8.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.s390x",
"AppStream-8.8.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_8.1.x86_64",
"AppStream-8.8.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_8.1.aarch64",
"AppStream-8.8.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_8.1.i686",
"AppStream-8.8.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_8.1.ppc64le",
"AppStream-8.8.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_8.1.s390x",
"AppStream-8.8.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libmaxminddb: improper initialization in dump_entry_data_list() in maxminddb.c"
}
]
}
RHSA-2024:0751
Vulnerability from csaf_redhat - Published: 2024-02-08 18:10 - Updated: 2026-03-18 02:32

An improper initialization issue was found in libmaxminddb. A remote user could exploit this flaw by sending a specially crafted MaxMind DB file that, when parsed by an application linked to libmaxminddb, would possibly crash the application, resulting in a denial of service condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_6.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_6.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_6.1.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_6.1.x86_64 | — |
Vendor Fix
fix
|
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2024:0751 | self |
| https://access.redhat.com/security/updates/classification/#moderate | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1895379 | external |
| https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0751.json | self |
| https://access.redhat.com/security/cve/CVE-2020-28241 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1895379 | external |
| https://www.cve.org/CVERecord?id=CVE-2020-28241 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2020-28241 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libmaxminddb is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libmaxminddb package contains the MaxMind DB library.\n\nSecurity Fix(es):\n\n* libmaxminddb: improper initialization in dump_entry_data_list() in maxminddb.c (CVE-2020-28241)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:0751",
"url": "https://access.redhat.com/errata/RHSA-2024:0751"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1895379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895379"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0751.json"
}
],
"title": "Red Hat Security Advisory: libmaxminddb security update",
"tracking": {
"current_release_date": "2026-03-18T02:32:47+00:00",
"generator": {
"date": "2026-03-18T02:32:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2024:0751",
"initial_release_date": "2024-02-08T18:10:05+00:00",
"revision_history": [
{
"date": "2024-02-08T18:10:05+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-02-08T18:10:05+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T02:32:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libmaxminddb-0:1.2.0-10.el8_6.1.src",
"product": {
"name": "libmaxminddb-0:1.2.0-10.el8_6.1.src",
"product_id": "libmaxminddb-0:1.2.0-10.el8_6.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb@1.2.0-10.el8_6.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libmaxminddb-0:1.2.0-10.el8_6.1.aarch64",
"product": {
"name": "libmaxminddb-0:1.2.0-10.el8_6.1.aarch64",
"product_id": "libmaxminddb-0:1.2.0-10.el8_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb@1.2.0-10.el8_6.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libmaxminddb-devel-0:1.2.0-10.el8_6.1.aarch64",
"product": {
"name": "libmaxminddb-devel-0:1.2.0-10.el8_6.1.aarch64",
"product_id": "libmaxminddb-devel-0:1.2.0-10.el8_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb-devel@1.2.0-10.el8_6.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.aarch64",
"product": {
"name": "libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.aarch64",
"product_id": "libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb-debugsource@1.2.0-10.el8_6.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.aarch64",
"product": {
"name": "libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.aarch64",
"product_id": "libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb-debuginfo@1.2.0-10.el8_6.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libmaxminddb-0:1.2.0-10.el8_6.1.ppc64le",
"product": {
"name": "libmaxminddb-0:1.2.0-10.el8_6.1.ppc64le",
"product_id": "libmaxminddb-0:1.2.0-10.el8_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb@1.2.0-10.el8_6.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libmaxminddb-devel-0:1.2.0-10.el8_6.1.ppc64le",
"product": {
"name": "libmaxminddb-devel-0:1.2.0-10.el8_6.1.ppc64le",
"product_id": "libmaxminddb-devel-0:1.2.0-10.el8_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb-devel@1.2.0-10.el8_6.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.ppc64le",
"product": {
"name": "libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.ppc64le",
"product_id": "libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb-debugsource@1.2.0-10.el8_6.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.ppc64le",
"product": {
"name": "libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.ppc64le",
"product_id": "libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb-debuginfo@1.2.0-10.el8_6.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libmaxminddb-0:1.2.0-10.el8_6.1.i686",
"product": {
"name": "libmaxminddb-0:1.2.0-10.el8_6.1.i686",
"product_id": "libmaxminddb-0:1.2.0-10.el8_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb@1.2.0-10.el8_6.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libmaxminddb-devel-0:1.2.0-10.el8_6.1.i686",
"product": {
"name": "libmaxminddb-devel-0:1.2.0-10.el8_6.1.i686",
"product_id": "libmaxminddb-devel-0:1.2.0-10.el8_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb-devel@1.2.0-10.el8_6.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.i686",
"product": {
"name": "libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.i686",
"product_id": "libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb-debugsource@1.2.0-10.el8_6.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.i686",
"product": {
"name": "libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.i686",
"product_id": "libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb-debuginfo@1.2.0-10.el8_6.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libmaxminddb-0:1.2.0-10.el8_6.1.x86_64",
"product": {
"name": "libmaxminddb-0:1.2.0-10.el8_6.1.x86_64",
"product_id": "libmaxminddb-0:1.2.0-10.el8_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb@1.2.0-10.el8_6.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libmaxminddb-devel-0:1.2.0-10.el8_6.1.x86_64",
"product": {
"name": "libmaxminddb-devel-0:1.2.0-10.el8_6.1.x86_64",
"product_id": "libmaxminddb-devel-0:1.2.0-10.el8_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb-devel@1.2.0-10.el8_6.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.x86_64",
"product": {
"name": "libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.x86_64",
"product_id": "libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb-debugsource@1.2.0-10.el8_6.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.x86_64",
"product": {
"name": "libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.x86_64",
"product_id": "libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb-debuginfo@1.2.0-10.el8_6.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libmaxminddb-0:1.2.0-10.el8_6.1.s390x",
"product": {
"name": "libmaxminddb-0:1.2.0-10.el8_6.1.s390x",
"product_id": "libmaxminddb-0:1.2.0-10.el8_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb@1.2.0-10.el8_6.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libmaxminddb-devel-0:1.2.0-10.el8_6.1.s390x",
"product": {
"name": "libmaxminddb-devel-0:1.2.0-10.el8_6.1.s390x",
"product_id": "libmaxminddb-devel-0:1.2.0-10.el8_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb-devel@1.2.0-10.el8_6.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.s390x",
"product": {
"name": "libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.s390x",
"product_id": "libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb-debugsource@1.2.0-10.el8_6.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.s390x",
"product": {
"name": "libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.s390x",
"product_id": "libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmaxminddb-debuginfo@1.2.0-10.el8_6.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-0:1.2.0-10.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_6.1.aarch64"
},
"product_reference": "libmaxminddb-0:1.2.0-10.el8_6.1.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-0:1.2.0-10.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_6.1.i686"
},
"product_reference": "libmaxminddb-0:1.2.0-10.el8_6.1.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-0:1.2.0-10.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_6.1.ppc64le"
},
"product_reference": "libmaxminddb-0:1.2.0-10.el8_6.1.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-0:1.2.0-10.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_6.1.s390x"
},
"product_reference": "libmaxminddb-0:1.2.0-10.el8_6.1.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-0:1.2.0-10.el8_6.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_6.1.src"
},
"product_reference": "libmaxminddb-0:1.2.0-10.el8_6.1.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-0:1.2.0-10.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_6.1.x86_64"
},
"product_reference": "libmaxminddb-0:1.2.0-10.el8_6.1.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.aarch64"
},
"product_reference": "libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.i686"
},
"product_reference": "libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.ppc64le"
},
"product_reference": "libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.s390x"
},
"product_reference": "libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.x86_64"
},
"product_reference": "libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.aarch64"
},
"product_reference": "libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.i686"
},
"product_reference": "libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.ppc64le"
},
"product_reference": "libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.s390x"
},
"product_reference": "libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.x86_64"
},
"product_reference": "libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-devel-0:1.2.0-10.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_6.1.aarch64"
},
"product_reference": "libmaxminddb-devel-0:1.2.0-10.el8_6.1.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-devel-0:1.2.0-10.el8_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_6.1.i686"
},
"product_reference": "libmaxminddb-devel-0:1.2.0-10.el8_6.1.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-devel-0:1.2.0-10.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_6.1.ppc64le"
},
"product_reference": "libmaxminddb-devel-0:1.2.0-10.el8_6.1.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-devel-0:1.2.0-10.el8_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_6.1.s390x"
},
"product_reference": "libmaxminddb-devel-0:1.2.0-10.el8_6.1.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmaxminddb-devel-0:1.2.0-10.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_6.1.x86_64"
},
"product_reference": "libmaxminddb-devel-0:1.2.0-10.el8_6.1.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28241",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2020-11-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1895379"
}
],
"notes": [
{
"category": "description",
"text": "An improper initialization issue was found in libmaxminddb. A remote user could exploit this flaw by sending a specially crafted MaxMind DB file that, when parsed by an application linked to libmaxminddb, would possibly crash the application, resulting in a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libmaxminddb: improper initialization in dump_entry_data_list() in maxminddb.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_6.1.src",
"AppStream-8.6.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28241"
},
{
"category": "external",
"summary": "RHBZ#1895379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895379"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28241",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28241"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28241",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28241"
}
],
"release_date": "2020-08-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-08T18:10:05+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_6.1.src",
"AppStream-8.6.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0751"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_6.1.src",
"AppStream-8.6.0.Z.EUS:libmaxminddb-0:1.2.0-10.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libmaxminddb-debuginfo-0:1.2.0-10.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libmaxminddb-debugsource-0:1.2.0-10.el8_6.1.x86_64",
"AppStream-8.6.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_6.1.aarch64",
"AppStream-8.6.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_6.1.i686",
"AppStream-8.6.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_6.1.ppc64le",
"AppStream-8.6.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_6.1.s390x",
"AppStream-8.6.0.Z.EUS:libmaxminddb-devel-0:1.2.0-10.el8_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libmaxminddb: improper initialization in dump_entry_data_list() in maxminddb.c"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user who reported the sighting.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.