<html>
<head>
<base href="https://bugzilla.rosalinux.ru/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Platform</th>
<td>2021.1
</td>
</tr>
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_CONFIRMED "
title="CONFIRMED - [CVE 21] libmysofa 1.0 CVEs found"
href="https://bugzilla.rosalinux.ru/show_bug.cgi?id=13266">13266</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>[CVE 21] libmysofa 1.0 CVEs found
</td>
</tr>
<tr>
<th>Classification</th>
<td>ROSA-based products
</td>
</tr>
<tr>
<th>Product</th>
<td>ROSA Fresh
</td>
</tr>
<tr>
<th>Version</th>
<td>All
</td>
</tr>
<tr>
<th>Hardware</th>
<td>All
</td>
</tr>
<tr>
<th>URL</th>
<td>CVE-2020-36148, CVE-2020-36149, CVE-2020-36150, CVE-2020-36151, CVE-2020-36152, CVE-2021-3756,
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>CONFIRMED
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>Normal
</td>
</tr>
<tr>
<th>Component</th>
<td>System (kernel, glibc, systemd, bash, PAM...)
</td>
</tr>
<tr>
<th>Assignee</th>
<td>bugs@lists.rosalinux.ru
</td>
</tr>
<tr>
<th>Reporter</th>
<td>y.tumanov@rosalinux.ru
</td>
</tr>
<tr>
<th>QA Contact</th>
<td>bugs@lists.rosalinux.ru
</td>
</tr>
<tr>
<th>CC</th>
<td>s.matveev@rosalinux.ru, y.tumanov@rosalinux.ru
</td>
</tr>
<tr>
<th>Target Milestone</th>
<td>---
</td>
</tr>
<tr>
<th>Flags</th>
<td>secteam_verified?
</td>
</tr></table>
<p>
<div>
<pre>Please patch CVEs for package libmysofa version 1.0
INFO (CVEs are): libmysofa 1.0 cves found
CVE-2020-36148
Desc: Incorrect handling of input data in verifyAttribute function in the
libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and
segmentation fault error in case of restrictive memory protection or near NULL
pointer overwrite in case of no memory restrictions (e.g. in embedded
environments).
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-36148">https://nvd.nist.gov/vuln/detail/CVE-2020-36148</a>
Severity: MEDIUM
CVE-2020-36149
Desc: Incorrect handling of input data in changeAttribute function in the
libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and
segmentation fault error in case of restrictive memory protection or near NULL
pointer overwrite in case of no memory restrictions (e.g. in embedded
environments).
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-36149">https://nvd.nist.gov/vuln/detail/CVE-2020-36149</a>
Severity: MEDIUM
CVE-2020-36150
Desc: Incorrect handling of input data in loudness function in the libmysofa
library 0.5 - 1.1 will lead to heap buffer overflow and access to unallocated
memory block.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-36150">https://nvd.nist.gov/vuln/detail/CVE-2020-36150</a>
Severity: MEDIUM
CVE-2020-36151
Desc: Incorrect handling of input data in mysofa_resampler_reset_mem function
in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and
overwriting large memory block.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-36151">https://nvd.nist.gov/vuln/detail/CVE-2020-36151</a>
Severity: MEDIUM
CVE-2020-36152
Desc: Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa
0.5 - 1.1 allows attackers to execute arbitrary code via a crafted SOFA.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-36152">https://nvd.nist.gov/vuln/detail/CVE-2020-36152</a>
Severity: HIGH
CVE-2021-3756
Desc: libmysofa is vulnerable to Heap-based Buffer Overflow
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-3756">https://nvd.nist.gov/vuln/detail/CVE-2021-3756</a>
Severity: CRITICAL</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the QA Contact for the bug.</li>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>