Sign-up

ID

VAR-202009-0292


CVE

CVE-2020-13995


TITLE

U.S. Air Force Sensor Data Management System extract75  Buffer Overflow Vulnerability in Linux

Trust: 0.8

sources: JVNDB: JVNDB-2020-011988

DESCRIPTION

U.S. Air Force Sensor Data Management System extract75 has a buffer overflow that leads to code execution. An overflow in a global variable (sBuffer) leads to a Write-What-Where outcome. Writing beyond sBuffer will clobber most global variables until reaching a pointer such as DES_info or image_info. By controlling that pointer, one achieves an arbitrary write when its fields are assigned. The data written is from a potentially untrusted NITF file in the form of an integer. The attacker can gain control of the instruction pointer

Trust: 1.71

sources: NVD: CVE-2020-13995 // JVNDB: JVNDB-2020-011988 // VULMON: CVE-2020-13995

IOT TAXONOMY

category:['embedded device']sub_category:sensor

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:airforcemodel:nitf extract utilityscope:eqversion:7.5

Trust: 1.0

vendor:air force research laboratorymodel:nitf extract ユーティリティscope:eqversion: -

Trust: 0.8

vendor:air force research laboratorymodel:nitf extract ユーティリティscope:eqversion:nitf extract utility

Trust: 0.8

vendor:air force research laboratorymodel:nitf extract ユーティリティscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-011988 // NVD: CVE-2020-13995

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-13995
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-13995
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202009-1568
value: CRITICAL

Trust: 0.6

VULMON: CVE-2020-13995
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-13995
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2020-13995
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-13995
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-13995 // JVNDB: JVNDB-2020-011988 // CNNVD: CNNVD-202009-1568 // NVD: CVE-2020-13995

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-011988 // NVD: CVE-2020-13995

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-1568

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202009-1568

PATCH

title:AFRL/RY - COMPASE - Sensor Data Management Systemurl:https://www.afrl.af.mil/About-Us/Fact-Sheets/Fact-Sheet-Display/Article/2331781/afrlry-compase-sensor-data-management-system/

Trust: 0.8

title: - url:https://github.com/khulnasoft-labs/awesome-security

Trust: 0.1

sources: VULMON: CVE-2020-13995 // JVNDB: JVNDB-2020-011988

EXTERNAL IDS

db:NVDid:CVE-2020-13995

Trust: 2.6

db:JVNDBid:JVNDB-2020-011988

Trust: 0.8

db:CNNVDid:CNNVD-202009-1568

Trust: 0.6

db:OTHERid:NONE

Trust: 0.1

db:VULMONid:CVE-2020-13995

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2020-13995 // JVNDB: JVNDB-2020-011988 // CNNVD: CNNVD-202009-1568 // NVD: CVE-2020-13995

REFERENCES

url:https://www.riverloopsecurity.com/blog/2020/09/nitf-extract75-cve-2020-13995/

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-13995

Trust: 1.4

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/khulnasoft-labs/awesome-security

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2020-13995 // JVNDB: JVNDB-2020-011988 // CNNVD: CNNVD-202009-1568 // NVD: CVE-2020-13995

SOURCES

db:OTHERid: -
db:VULMONid:CVE-2020-13995
db:JVNDBid:JVNDB-2020-011988
db:CNNVDid:CNNVD-202009-1568
db:NVDid:CVE-2020-13995

LAST UPDATE DATE

2025-01-30T19:36:53.664000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2020-13995date:2022-05-03T00:00:00
db:JVNDBid:JVNDB-2020-011988date:2021-04-21T06:39:00
db:CNNVDid:CNNVD-202009-1568date:2022-05-05T00:00:00
db:NVDid:CVE-2020-13995date:2024-11-21T05:02:18.587

SOURCES RELEASE DATE

db:VULMONid:CVE-2020-13995date:2020-09-25T00:00:00
db:JVNDBid:JVNDB-2020-011988date:2021-04-21T00:00:00
db:CNNVDid:CNNVD-202009-1568date:2020-09-25T00:00:00
db:NVDid:CVE-2020-13995date:2020-09-25T13:15:12.230