Nixpkgs security tracker
Dismissed
Permalink
CVE-2020-37140
5.5 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): Required (R)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): None (N)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Local (L)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): Required (R)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): High (H)
by @jopejoe1 Activity log
- Created suggestion
-
@jopejoe1
ignored
4 packages
- everest
- neverest
- everest-bin
- everest-mons
- @jopejoe1 dismissed
Everest 5.50.2100 - 'Open File' Denial of Service
Everest, later referred to as AIDA64, 5.50.2100 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating file open functionality. Attackers can generate a 450-byte buffer of repeated characters and paste it into the file open dialog to trigger an application crash.
References
-
ExploitDB-48259 exploit
-
Archived Product Page vendor-advisory
-
VulnCheck Advisory: Everest 5.50.2100 - 'Open File' Denial of Service third-party-advisory
Affected products
Everest
- ==5.50.2100
Ignored packages (4)
pkgs.everest
Celeste mod loader (don't install; use celestegame instead)
pkgs.neverest
CLI to synchronize, backup and restore emails
-
nixos-unstable 1.0.0-beta
- nixpkgs-unstable 1.0.0-beta
- nixos-unstable-small 1.0.0-beta
pkgs.everest-bin
Celeste mod loader (don't install; use celestegame instead)
pkgs.everest-mons
Commandline Everest installer and mod manager for Celeste