CVE-2020-26148

High

md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial of service (e.g.,…

mitre·CWE-908·Published 2020-09-29

CVSS

7.5

EPSS

0.01

KEV

Exploits

cve.orgen

191 chars

md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial of service (e.g., assertion failure) via a malformed Markdown document.

NVDen

191 chars

md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial of service (e.g., assertion failure) via a malformed Markdown document.

La función md_push_block_bytes en el archivo md4c.c en md4c versión 0.4.5, permite a atacantes desencadenar un uso de memoria no inicializada y causar una denegación de servicio (por ejemplo, fallo de aserción) por medio de un documento Markdown malformado

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H