CVE-2020-35357
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution.
Puede producirse un Desbordamiento del Búfer al calcular el valor del cuantil utilizando Statistics Library of GSL (Biblioteca Científica GNU), versiones 2.5 y 2.6. El procesamiento de datos de entrada creados con fines maliciosos para gsl_stats_quantile_from_sorted_data de la librería puede provocar la finalización inesperada de la aplicación o la ejecución de código arbitrario.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-12-14 CVE Reserved
- 2023-08-22 CVE Published
- 2024-09-23 EPSS Updated
- 2024-10-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2023/09/msg00023.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://git.savannah.gnu.org/cgit/gsl.git/commit/?id=989a193268b963aa1047814f7f1402084fb7d859 | 2023-10-11 | |
| https://savannah.gnu.org/bugs/?59624 | 2023-10-11 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gnu Search vendor "Gnu" | Gnu Scientific Library Search vendor "Gnu" for product "Gnu Scientific Library" | 2.5 Search vendor "Gnu" for product "Gnu Scientific Library" and version "2.5" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gnu Scientific Library Search vendor "Gnu" for product "Gnu Scientific Library" | 2.6 Search vendor "Gnu" for product "Gnu Scientific Library" and version "2.6" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||