![]() The vulnerability has been patched in matrix-appservice-irc 0.35.0. Attackers can specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them to grant themselves permissions in the channel. Matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. ![]() The entry has already been requested to the NVD CPE dictionary. Users unable to upgrade may avoid this issue by parsing only CVSS v2.0 vector strings that do not have all attributes defined (e.g. In affected versions when a full CVSS v2.0 vector string is parsed using `ParseVector`, an Out-of-Bounds Read is possible due to a lack of tests. Go-cvss is a Go module to manipulate Common Vulnerability Scoring System (CVSS). There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
0 Comments
Leave a Reply. |