libfetch

Advisory ID      CVE Number      Date discovered   Severity   Advisory revision
STORM-2020-004   CVE-2020-7450   01/29/2020        medium     v3

Vulnerability details

A buffer overflow can occur while parsing a specially forged URL, which can lead to a denial of service or the execution of arbitrary code.

Impacted products

Products                       Severity   Detail
Stormshield Network Security   medium     impacted

Revisions

Version   Date         Description
1         01/29/2020   Initial release
2         02/26/2020   Fix typo
3         05/15/2020   Fix version
4         06/10/2020   Fix version

Stormshield Network Security

CVSS v2 Overall Score: 5.6

Analysis

An attacker can send a malicious URL to a service on the UTM in order to cause a denial of service or run arbitrary code, but the service has reduced permissions on the system, so the effects are limited.

Impacted versions

  • SNS 2.0.0 to 2.7.6
  • SNS 2.8.0 to 2.15.0
  • SNS 3.0.0 to 3.7.10
  • SNS 3.8.0 to 3.10.0
  • SNS 4.0.0 to 4.0.1

Workaround solution

There is no workaround solution.

Solution

The vulnerability is fixed in versions:

  • SNS >= 2.7.7
  • SNS >= 2.16.0
  • SNS >= 3.7.11
  • SNS >= 3.10.1
  • SNS >= 4.0.2


Access vector   Access complexity   Authentication   Confidentiality impact   Integrity impact   Availability impact
Network         Low                 Single           Complete                 None               Partial
CVSS Base score: 7.5   CVSS Vector: (AV:N/AC:L/Au:S/C:C/I:N/A:P)

Exploitability                 Remediation Level   Report Confidence
Unproven that exploit exists   Official fix        Confirmed
CVSS Temporal score: 5.6   CVSS Vector: (AV:N/AC:L/Au:S/C:C/I:N/A:P/E:U/RL:OF/RC:C)

Collateral Damage Potential   Target Distribution
None                          High [76-100%]
CVSS Environmental score: 5.6   CVSS Vector: (AV:N/AC:L/Au:S/C:C/I:N/A:P/E:U/RL:OF/RC:C/CDP:N/TD:H/CR:ND/IR:ND/AR:ND)
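As an added worked example, not part of the Stormshield advisory, the Python below recomputes the three scores above from the published vector string using the CVSS v2 equations and metric weights. It also surfaces the one caveat a reader checking these numbers runs into: the v2 specification rounds the base score to one decimal before the temporal multipliers are applied, which gives 7.5 x 0.85 x 0.87 = 5.5, whereas carrying the unrounded base (7.51...) forward gives the 5.6 shown on this page. Since the two conventions disagree here, the functions take a flag for it; the vector constant and the cross-check vector in the code are the only inputs, and the function names are this example's own.

```python
"""CVSS v2 score calculator: parse a vector string and compute the base,
temporal and environmental scores with the CVSS v2 equations.
Added illustration; the metric weights are those of the CVSS v2 specification."""

# Metric weights from the CVSS v2 specification (ND = "not defined").
BASE = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},
    "C": {"N": 0.0, "P": 0.275, "C": 0.660},
    "I": {"N": 0.0, "P": 0.275, "C": 0.660},
    "A": {"N": 0.0, "P": 0.275, "C": 0.660},
}
TEMPORAL = {
    "E": {"U": 0.85, "POC": 0.9, "F": 0.95, "H": 1.0, "ND": 1.0},
    "RL": {"OF": 0.87, "TF": 0.90, "W": 0.95, "U": 1.0, "ND": 1.0},
    "RC": {"UC": 0.90, "UR": 0.95, "C": 1.0, "ND": 1.0},
}
ENVIRONMENTAL = {
    "CDP": {"N": 0.0, "L": 0.1, "LM": 0.3, "MH": 0.4, "H": 0.5, "ND": 0.0},
    "TD": {"N": 0.0, "L": 0.25, "M": 0.75, "H": 1.0, "ND": 1.0},
    "CR": {"L": 0.5, "M": 1.0, "H": 1.51, "ND": 1.0},
    "IR": {"L": 0.5, "M": 1.0, "H": 1.51, "ND": 1.0},
    "AR": {"L": 0.5, "M": 1.0, "H": 1.51, "ND": 1.0},
}
TABLES = (BASE, TEMPORAL, ENVIRONMENTAL)


def parse_vector(vector):
    """Turn '(AV:N/AC:L/...)' into {'AV': 'N', ...}; rejects unknown metrics
    or values and requires all six base metrics."""
    metrics = {}
    for part in vector.strip().strip("()").split("/"):
        key, _, value = part.partition(":")
        table = next((t for t in TABLES if key in t), None)
        if table is None or value not in table[key]:
            raise ValueError(f"unknown CVSS v2 metric {part!r}")
        metrics[key] = value
    missing = [k for k in BASE if k not in metrics]
    if missing:
        raise ValueError(f"vector lacks base metrics {missing}")
    return metrics


def _weight(table, metrics, key):
    # Optional (temporal/environmental) metrics default to ND.
    return table[key][metrics.get(key, "ND")]


def _impact(m, cr=1.0, ir=1.0, ar=1.0):
    # With CR/IR/AR at 1.0 this is the base Impact; with the environmental
    # requirement weights it is the AdjustedImpact.
    c = BASE["C"][m["C"]] * cr
    i = BASE["I"][m["I"]] * ir
    a = BASE["A"][m["A"]] * ar
    return 10.41 * (1 - (1 - c) * (1 - i) * (1 - a))


def _exploitability(m):
    return 20 * BASE["AV"][m["AV"]] * BASE["AC"][m["AC"]] * BASE["Au"][m["Au"]]


def _base(impact, m):
    f_impact = 0.0 if impact == 0 else 1.176
    return (0.6 * impact + 0.4 * _exploitability(m) - 1.5) * f_impact


def base_score(m, unrounded=False):
    score = _base(_impact(m), m)
    return score if unrounded else round(score, 1)


def temporal_multiplier(m):
    return (_weight(TEMPORAL, m, "E") * _weight(TEMPORAL, m, "RL")
            * _weight(TEMPORAL, m, "RC"))


def temporal_score(base, m):
    """Temporal score from a base score. The spec feeds in the rounded base;
    pass base_score(m, unrounded=True) to mimic calculators that do not."""
    return round(base * temporal_multiplier(m), 1)


def environmental_score(m, carry_unrounded=False):
    """AdjustedImpact -> AdjustedBase -> AdjustedTemporal -> Environmental,
    rounding at each step unless carry_unrounded is set."""
    adj_impact = min(10.0, _impact(m, _weight(ENVIRONMENTAL, m, "CR"),
                                   _weight(ENVIRONMENTAL, m, "IR"),
                                   _weight(ENVIRONMENTAL, m, "AR")))
    adj_base = _base(adj_impact, m)
    if not carry_unrounded:
        adj_base = round(adj_base, 1)
    adj_temporal = adj_base * temporal_multiplier(m)
    if not carry_unrounded:
        adj_temporal = round(adj_temporal, 1)
    cdp = _weight(ENVIRONMENTAL, m, "CDP")
    td = _weight(ENVIRONMENTAL, m, "TD")
    return round((adj_temporal + (10 - adj_temporal) * cdp) * td, 1)


# The vector published in this advisory.
ADVISORY_VECTOR = "(AV:N/AC:L/Au:S/C:C/I:N/A:P/E:U/RL:OF/RC:C/CDP:N/TD:H/CR:ND/IR:ND/AR:ND)"

if __name__ == "__main__":
    m = parse_vector(ADVISORY_VECTOR)
    print("base:", base_score(m))
    print("temporal (spec rounding):", temporal_score(base_score(m), m))
    print("temporal (unrounded base):", temporal_score(base_score(m, unrounded=True), m))
    print("environmental (unrounded chain):", environmental_score(m, carry_unrounded=True))
```

Running the script prints 7.5 for the base score, 5.5 for the temporal score with the specification's rounding and 5.6 with the unrounded base carried forward; the environmental score equals the temporal one here because CDP:N and TD:H leave it unchanged. When comparing a vendor's score against NVD or your own tooling, check which convention each side uses before treating a 0.1 difference as a disagreement about the metrics.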