Heap-based Buffer Overflow in OSSEC-HIDS Server Component
CVE-2020-8442
8.8 HIGH
What is CVE-2020-8442?
In OSSEC-HIDS versions 2.7 to 3.5.0, the rootcheck decoder of the ossec-analysisd server component is vulnerable to a heap-based buffer overflow, which an authenticated client can trigger by sending crafted input. This can potentially lead to unauthorized access or denial of service on affected systems. Users are advised to review the security advisories and consider updating to secure versions.
