Nixpkgs Security Tracker

Dismissed

Permalink CVE-2020-37140

5.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

updated 1 month, 2 weeks ago by @jopejoe1 Activity log

Created automatic suggestion 1 month, 2 weeks ago
@jopejoe1 removed
4 packages
- everest
- neverest
- everest-bin
- everest-mons
1 month, 2 weeks ago
@jopejoe1 dismissed 1 month, 2 weeks ago

Everest 5.50.2100 - 'Open File' Denial of Service

Everest, later referred to as AIDA64, 5.50.2100 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating file open functionality. Attackers can generate a 450-byte buffer of repeated characters and paste it into the file open dialog to trigger an application crash.

References

ExploitDB-48259 exploit
Archived Product Page vendor-advisory
VulnCheck Advisory: Everest 5.50.2100 - 'Open File' Denial of Service third-party-advisory

Affected products

Everest

==5.50.2100

Not present in nixpkgs also known as AIDA64

Suggestion detail

References

Affected products