CVE-2020-28241 – libmaxminddb: improper initialization in dump_entry_data_list() in maxminddb.c

https://notcve.org/view.php?id=CVE-2020-28241

libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c. libmaxminddb versiones anteriores a 1.4.3, presenta una lectura excesiva del búfer en la región heap de la memoria en la función dump_entry_data_list en el archivo maxminddb.c An improper initialization issue was found in libmaxminddb. A remote user could exploit this flaw by sending a specially crafted MaxMind DB file that, when parsed by an application linked to libmaxminddb, would possibly crash the application, resulting in a denial of service condition. • https://github.com/maxmind/libmaxminddb/compare/1.4.2...1.4.3 https://github.com/maxmind/libmaxminddb/issues/236 https://github.com/maxmind/libmaxminddb/pull/237 https://lists.debian.org/debian-lts-announce/2020/11/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WUK4UCOB5FJVK36E22IRLEYGKMUWGBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELTOHZBPO6XVUVADP4DPZBNQCPTYOQBV https://security.gentoo.org/glsa/ • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •