CVE-2019-1010060
Descriptions
NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. The impact is: arbitrary code execution. The component is: over 40 source code files were changed. The attack vector is: remote unauthenticated attacker. The fixed version is: 3.43. NOTE: this CVE refers to the issues not covered by CVE-2018-3846, CVE-2018-3847, CVE-2018-3848, and CVE-2018-3849. One example is ftp_status in drvrnet.c mishandling a long string beginning with a '4' character.
Timeline
- 2019-03-20 CVE Reserved
- 2019-07-16 CVE Published
- 2024-07-09 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
References (5)
URL | Tag | Source |
---|---|---|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892458 | Mailing List | |
https://github.com/astropy/astropy/pull/7274 | Third Party Advisory | |
https://heasarc.gsfc.nasa.gov/FTP/software/fitsio/c/cfitsio3420.tar.gz | Third Party Advisory | |
https://heasarc.gsfc.nasa.gov/FTP/software/fitsio/c/cfitsio3430.tar.gz | Third Party Advisory | |
https://heasarc.gsfc.nasa.gov/FTP/software/fitsio/c/docs/changes2.txt | Third Party Advisory | |