libmysofa up to 0.6 Calculation hdf/btree.c treeRead input validation


A vulnerability, which was classified as very critical, was found in libmysofa up to 0.6. This affects the function treeRead of the file hdf/btree.c of the component Calculation Handler. Upgrading to version 0.7 eliminates this vulnerability.

| Field | 04/01/2019 08:11 AM | 05/23/2020 10:33 AM |
|---|---|---|
| name | libmysofa | libmysofa |
| version | <=0.6 | <=0.6 |
| component | Calculation Handler | Calculation Handler |
| file | hdf/btree.c | hdf/btree.c |
| function | treeRead | treeRead |
| cwe | 20 (privilege escalation) | 20 (privilege escalation) |
| cvss2_vuldb_basescore | 7.5 | 7.5 |
| cvss2_vuldb_tempscore | 6.5 | 6.5 |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_nvd_av | N | N |
| cvss2_nvd_ac | L | L |
| cvss2_nvd_au | N | N |
| cvss2_nvd_ci | P | P |
| cvss2_nvd_ii | P | P |
| cvss2_nvd_ai | P | P |
| cvss3_meta_basescore | 9.8 | 9.8 |
| cvss3_meta_tempscore | 9.4 | 9.4 |
| cvss3_vuldb_basescore | 9.8 | 9.8 |
| cvss3_vuldb_tempscore | 9.4 | 9.4 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | H | H |
| cvss3_vuldb_i | H | H |
| cvss3_vuldb_a | H | H |
| cvss3_nvd_av | N | N |
| cvss3_nvd_ac | L | L |
| cvss3_nvd_pr | N | N |
| cvss3_nvd_ui | N | N |
| cvss3_nvd_s | U | U |
| cvss3_nvd_c | H | H |
| cvss3_nvd_i | H | H |
| cvss3_nvd_a | H | H |
| date | 1553990400 (03/31/2019) | 1553990400 (03/31/2019) |
| price_0day | $0-$5k | $0-$5k |
| name | Upgrade | Upgrade |
| upgrade_version | 0.7 | 0.7 |
| cve | CVE-2019-10672 | CVE-2019-10672 |
| cve_assigned | 1553990400 | 1553990400 |
| cve_nvd_summary | treeRead in hdf/btree.c in libmysofa before 0.7 does not properly validate multiplications and additions. | treeRead in hdf/btree.c in libmysofa before 0.7 does not properly validate multiplications and additions. |
| risk | 2 | 2 |
| location | Website | Website |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_rc | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | X | X |
| cvss3_nvd_basescore | 9.8 | 9.8 |

discoverydate: 1553990400
url: https://usn.ubuntu.com/4033-1/
