Denial-of-Service Vulnerability in ELOG Electronic Logbook by PSI
CVE-2020-8859

5.3MEDIUM

Key Information:

Vendor: Elog
Status: Electronic Logbook
Vendor: CVE Published:; 23 March 2020

What is CVE-2020-8859?

This vulnerability allows remote attackers to trigger a denial-of-service condition on systems running ELOG Electronic Logbook version 3.1.4-283534d without requiring authentication. The flaw arises from improper handling of HTTP parameters, leading to the dereference of a null pointer in the application. An attacker can leverage this vulnerability by sending a specially crafted request, which subsequently disrupts the service, potentially causing significant operational issues.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Electronic Logbook 3.1.4-283534d

References

https://www.zerodayinitiative.com/advisories/ZDI-20-252/

x_refsource_MISC

https://elog.psi.ch/elogs/Forum/69114

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 23, 2020
Vulnerability Reserved
Feb 11, 2020

Credit

Asif Akbar of Trend Micro Security Research

JSON

Elog

What is CVE-2020-8859?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.