Vulnerabilites related to bitdefender - hypervisor_introspection
Vulnerability from fkie_nvd
Published
2020-12-17 17:15
Modified
2024-11-21 05:05
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflor (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validations.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitdefender | hypervisor_introspection | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitdefender:hypervisor_introspection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBE339FF-189B-407E-9801-E406DE2CCA17",
"versionEndExcluding": "1.132.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflor (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validations."
},
{
"lang": "es",
"value": "Una falta de comprobaci\u00f3n en los datos le\u00eddos desde la memoria del invitado en IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol e IntLixTaskDumpTree, puede conllevar a una lectura fuera de l\u00edmites o podr\u00eda causar una DoS debido a un exceso de enteros (IntPeGetDirectory), una TOCTOU (IntPeParseUnwindData) o una comprobaci\u00f3n insuficiente"
}
],
"id": "CVE-2020-15292",
"lastModified": "2024-11-21T05:05:15.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "cve-requests@bitdefender.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-17T17:15:12.783",
"references": [
{
"source": "cve-requests@bitdefender.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.bitdefender.com/support/security-advisories/lack-validation-data-read-guest-memory-bitdefender-hvi-va-9333/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.bitdefender.com/support/security-advisories/lack-validation-data-read-guest-memory-bitdefender-hvi-va-9333/"
}
],
"sourceIdentifier": "cve-requests@bitdefender.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "cve-requests@bitdefender.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-17 17:15
Modified
2024-11-21 05:05
Severity ?
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitdefender | hypervisor_introspection | 1.132.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitdefender:hypervisor_introspection:1.132.2:*:*:*:*:*:*:*",
"matchCriteriaId": "705BF3BC-DEE0-4E14-B1A9-C32AF24492ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions."
},
{
"lang": "es",
"value": "Una corrupci\u00f3n de la memoria en IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry e IntLixFileGetPath, debido a una comprobaci\u00f3n insuficiente de entrada de datos del invitado puede conllevar a unas condiciones de denegaci\u00f3n de servicio"
}
],
"id": "CVE-2020-15293",
"lastModified": "2024-11-21T05:05:15.867",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.2,
"source": "cve-requests@bitdefender.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-17T17:15:12.907",
"references": [
{
"source": "cve-requests@bitdefender.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bitdefender.com/support/security-advisories/memory-corruption-bitdefender-hypervisor-introspection-va-9336/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bitdefender.com/support/security-advisories/memory-corruption-bitdefender-hypervisor-introspection-va-9336/"
}
],
"sourceIdentifier": "cve-requests@bitdefender.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "cve-requests@bitdefender.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-17 17:15
Modified
2024-11-21 05:05
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution. This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitdefender | hypervisor_introspection | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitdefender:hypervisor_introspection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBE339FF-189B-407E-9801-E406DE2CCA17",
"versionEndExcluding": "1.132.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution. This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Eliminaci\u00f3n de la Optimizaci\u00f3n del Compilador o Modificaci\u00f3n de C\u00f3digo Cr\u00edtico de Seguridad en la funci\u00f3n IntPeParseUnwindData() resulta en m\u00faltiples desreferencias al mismo puntero. Si el puntero es encontrado en un mapa de memoria del espacio de invitado, esto puede causar una condici\u00f3n de carrera en la que el c\u00f3digo generado derivar\u00eda la misma direcci\u00f3n dos veces, obteniendo as\u00ed valores diferentes, lo que puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitraria. Este problema afecta: Bitdefender Hypervisor Introspection versiones anteriores a 1.132.2"
}
],
"id": "CVE-2020-15294",
"lastModified": "2024-11-21T05:05:15.983",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "cve-requests@bitdefender.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-17T17:15:12.987",
"references": [
{
"source": "cve-requests@bitdefender.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.bitdefender.com/support/security-advisories/compiler-optimization-removal-modification-security-critical-code-vulnerability-bitdefender-hypervisor-introspection-va-9339/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.bitdefender.com/support/security-advisories/compiler-optimization-removal-modification-security-critical-code-vulnerability-bitdefender-hypervisor-introspection-va-9339/"
}
],
"sourceIdentifier": "cve-requests@bitdefender.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-733"
}
],
"source": "cve-requests@bitdefender.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-15294 (GCVE-0-2020-15294)
Vulnerability from cvelistv5
Published
2020-12-17 16:50
Modified
2024-09-16 19:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-733 - Compiler Optimization Removal or Modification of Security-critical Code
Summary
Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution. This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bitdefender | Hypervisor Introspection |
Version: unspecified < 1.132.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:15:19.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bitdefender.com/support/security-advisories/compiler-optimization-removal-modification-security-critical-code-vulnerability-bitdefender-hypervisor-introspection-va-9339/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hypervisor Introspection",
"vendor": "Bitdefender",
"versions": [
{
"lessThan": "1.132.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ilja Van Sprundel from IOActive"
}
],
"datePublic": "2020-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution. This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-733",
"description": "CWE-733: Compiler Optimization Removal or Modification of Security-critical Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-17T16:50:18",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bitdefender.com/support/security-advisories/compiler-optimization-removal-modification-security-critical-code-vulnerability-bitdefender-hypervisor-introspection-va-9339/"
}
],
"solutions": [
{
"lang": "en",
"value": "The issue has been fixed in Introcore 1.132.2."
}
],
"source": {
"defect": [
"VA-9339"
],
"discovery": "EXTERNAL"
},
"title": "Compiler Optimization Removal or Modification of Security-Critical Code vulnerability in Bitdefender Hypervisor Introspection (VA-9339)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-requests@bitdefender.com",
"DATE_PUBLIC": "2020-12-17T19:00:00.000Z",
"ID": "CVE-2020-15294",
"STATE": "PUBLIC",
"TITLE": "Compiler Optimization Removal or Modification of Security-Critical Code vulnerability in Bitdefender Hypervisor Introspection (VA-9339)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hypervisor Introspection",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.132.2"
}
]
}
}
]
},
"vendor_name": "Bitdefender"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ilja Van Sprundel from IOActive"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution. This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-733: Compiler Optimization Removal or Modification of Security-critical Code"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bitdefender.com/support/security-advisories/compiler-optimization-removal-modification-security-critical-code-vulnerability-bitdefender-hypervisor-introspection-va-9339/",
"refsource": "MISC",
"url": "https://www.bitdefender.com/support/security-advisories/compiler-optimization-removal-modification-security-critical-code-vulnerability-bitdefender-hypervisor-introspection-va-9339/"
}
]
},
"solution": [
{
"lang": "en",
"value": "The issue has been fixed in Introcore 1.132.2."
}
],
"source": {
"defect": [
"VA-9339"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2020-15294",
"datePublished": "2020-12-17T16:50:18.250326Z",
"dateReserved": "2020-06-25T00:00:00",
"dateUpdated": "2024-09-16T19:40:28.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15292 (GCVE-0-2020-15292)
Vulnerability from cvelistv5
Published
2020-12-17 16:45
Modified
2024-09-16 18:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflor (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validations.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bitdefender | Hypervisor Introspection |
Version: unspecified < 1.132.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:15:19.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bitdefender.com/support/security-advisories/lack-validation-data-read-guest-memory-bitdefender-hvi-va-9333/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hypervisor Introspection",
"vendor": "Bitdefender",
"versions": [
{
"lessThan": "1.132.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ilja Van Sprundel from IOActive"
}
],
"datePublic": "2020-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflor (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-17T16:45:18",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bitdefender.com/support/security-advisories/lack-validation-data-read-guest-memory-bitdefender-hvi-va-9333/"
}
],
"solutions": [
{
"lang": "en",
"value": "The issue has been fixed in Introcore 1.132.2."
}
],
"source": {
"defect": [
"VA-9333"
],
"discovery": "EXTERNAL"
},
"title": "Lack of validation on data read from guest memory in Bitdefender HVI (VA-9333)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-requests@bitdefender.com",
"DATE_PUBLIC": "2020-12-17T19:00:00.000Z",
"ID": "CVE-2020-15292",
"STATE": "PUBLIC",
"TITLE": "Lack of validation on data read from guest memory in Bitdefender HVI (VA-9333)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hypervisor Introspection",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.132.2"
}
]
}
}
]
},
"vendor_name": "Bitdefender"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ilja Van Sprundel from IOActive"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflor (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validations."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bitdefender.com/support/security-advisories/lack-validation-data-read-guest-memory-bitdefender-hvi-va-9333/",
"refsource": "MISC",
"url": "https://www.bitdefender.com/support/security-advisories/lack-validation-data-read-guest-memory-bitdefender-hvi-va-9333/"
}
]
},
"solution": [
{
"lang": "en",
"value": "The issue has been fixed in Introcore 1.132.2."
}
],
"source": {
"defect": [
"VA-9333"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2020-15292",
"datePublished": "2020-12-17T16:45:19.079767Z",
"dateReserved": "2020-06-25T00:00:00",
"dateUpdated": "2024-09-16T18:19:26.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15293 (GCVE-0-2020-15293)
Vulnerability from cvelistv5
Published
2020-12-17 16:50
Modified
2024-09-17 03:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bitdefender | Hypervisor Introspection |
Version: unspecified < 1.132.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:15:19.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bitdefender.com/support/security-advisories/memory-corruption-bitdefender-hypervisor-introspection-va-9336/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hypervisor Introspection",
"vendor": "Bitdefender",
"versions": [
{
"lessThan": "1.132.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ilja Van Sprundel from IOActive"
}
],
"datePublic": "2020-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-17T16:50:25",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bitdefender.com/support/security-advisories/memory-corruption-bitdefender-hypervisor-introspection-va-9336/"
}
],
"solutions": [
{
"lang": "en",
"value": "The issue has been fixed in Introcore 1.132.2."
}
],
"source": {
"defect": [
"VA-9336"
],
"discovery": "EXTERNAL"
},
"title": "Memory corruption in Bitdefender Hypervisor Introspection (VA-9336)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-requests@bitdefender.com",
"DATE_PUBLIC": "2020-12-17T19:00:00.000Z",
"ID": "CVE-2020-15293",
"STATE": "PUBLIC",
"TITLE": "Memory corruption in Bitdefender Hypervisor Introspection (VA-9336)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hypervisor Introspection",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.132.2"
}
]
}
}
]
},
"vendor_name": "Bitdefender"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ilja Van Sprundel from IOActive"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bitdefender.com/support/security-advisories/memory-corruption-bitdefender-hypervisor-introspection-va-9336/",
"refsource": "MISC",
"url": "https://www.bitdefender.com/support/security-advisories/memory-corruption-bitdefender-hypervisor-introspection-va-9336/"
}
]
},
"solution": [
{
"lang": "en",
"value": "The issue has been fixed in Introcore 1.132.2."
}
],
"source": {
"defect": [
"VA-9336"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2020-15293",
"datePublished": "2020-12-17T16:50:25.096358Z",
"dateReserved": "2020-06-25T00:00:00",
"dateUpdated": "2024-09-17T03:33:44.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}