Log

AVG-1208 edited at 29 Jul 2020 20:47:59
Severity
- Unknown
+ Medium
CVE-2020-12460 edited at 29 Jul 2020 20:47:59
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte overwrites the heap metadata of the next chunk and its PREV_INUSE flag.
References
+ https://github.com/trusteddomainproject/OpenDMARC/issues/64
Notes
AVG-1208 created at 29 Jul 2020 20:47:11
Packages
+ opendmarc
Issues
+ CVE-2020-12460
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 1.3.2-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2020-12460 created at 29 Jul 2020 20:47:11
CVE-2020-15888 edited at 29 Jul 2020 20:46:15
Severity
- Unknown
+ High
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
Description
+ Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.
References
+ http://lua-users.org/lists/lua-l/2020-07/msg00053.html
+ http://lua-users.org/lists/lua-l/2020-07/msg00054.html
+ http://lua-users.org/lists/lua-l/2020-07/msg00071.html
+ http://lua-users.org/lists/lua-l/2020-07/msg00079.html
+ https://github.com/lua/lua/commit/6298903e35217ab69c279056f925fb72900ce0b7
+ https://github.com/lua/lua/commit/eb41999461b6f428186c55abd95f4ce1a76217d5
Notes
AVG-1207 edited at 29 Jul 2020 20:45:28
Severity
- Unknown
+ High
CVE-2020-15889 edited at 29 Jul 2020 20:45:28
Severity
- Unknown
+ High
Remote
- Unknown
+ Local
Type
- Unknown
+ Information disclosure
Description
+ Lua through 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.
References
+ http://lua-users.org/lists/lua-l/2020-07/msg00078.html
+ https://github.com/lua/lua/commit/127e7a6c8942b362aa3c6627f44d660a4fb75312
Notes
AVG-1207 created at 29 Jul 2020 20:44:06
Packages
+ lua
Issues
+ CVE-2020-15888
+ CVE-2020-15889
Status
Vulnerable
Severity
Unknown
Affected
- 3.8.4-1
+ 5.4.0-1
Fixed
Ticket
Advisory qualified
Yes
References
Notes
CVE-2020-15889 created at 29 Jul 2020 20:44:06
CVE-2020-15888 created at 29 Jul 2020 20:44:06
CVE-2020-15801 deleted at 29 Jul 2020 20:40:36
Severity
- Unknown
Remote
- Unknown
Type
- Unknown
Description
References
Notes
AVG-1207 deleted at 29 Jul 2020 20:40:30
Packages
- python
Issues
- CVE-2020-15801
Status
- Vulnerable
Severity
- Unknown
Affected
- 3.8.4-1
Fixed
Ticket
Advisory qualified
- Yes
References
Notes
AVG-1207 created at 29 Jul 2020 20:40:00
Packages
+ python
Issues
+ CVE-2020-15801
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 3.8.4-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2020-15801 created at 29 Jul 2020 20:40:00
ASA-202007-7 edited at 29 Jul 2020 20:36:38
Impact
+ A local attacker could pass signature validation with a crafted message.