temporal
modernc.org/sqlite-v1.19.1: 1 vulnerability (highest severity is: 5.5)
Vulnerable Library - modernc.org/sqlite-v1.19.1
Found in HEAD commit: f50d84c1446361d7af74c5ac0d11c7d5755e0e7e
Vulnerabilities
| CVE | Severity | Dependency | Type | Fixed in | Remediation Available |
|---|---|---|---|---|---|
| CVE-2020-28928 | 5.5 | modernc.org/libc-v1.19.0 | Transitive | N/A | ❌ |
Details
CVE-2020-28928
Vulnerable Library - modernc.org/libc-v1.19.0
Library home page: https://proxy.golang.org/modernc.org/libc/@v/v1.19.0.zip
Dependency Hierarchy:
- modernc.org/sqlite-v1.19.1 (Root Library)
  - ❌ modernc.org/libc-v1.19.0 (Vulnerable Library)
Found in base branch: master
Vulnerability Details
In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).
Publish Date: 2020-11-24
URL: CVE-2020-28928
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2020-28928
Release Date: 2020-11-24
Fix Resolution: musl - 1.2.2-1,1.2.2-1,1.1.16-3+deb9u1
Created an issue on sqlite side: https://gitlab.com/cznic/sqlite/-/issues/108.
:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.