CVE-2019-20367
- Source
- https://cve.org/CVERecord?id=CVE-2019-20367
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-20367.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-20367
- Downstream
- Related
- Published
- 2020-01-08T17:15:11.757Z
- Modified
- 2026-02-10T23:48:59.609043Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).
- References
-
- https://lists.apache.org/thread.html/r0e913668380f59bcbd14fdd8ae8d24f95f99995e290cd18a7822c6e5%40%3Cdev.tomee.apache.org%3E
- https://lists.apache.org/thread.html/ra781e51cf1ec40381c98cddc073b3576fb56c3978f4564d2fa431550%40%3Cdev.tomee.apache.org%3E
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00043.html
- https://gitlab.freedesktop.org/libbsd/libbsd/commit/9d917aad37778a9f4a96ba358415f077f3f36f3b
- https://lists.debian.org/debian-lts-announce/2021/02/msg00027.html
- https://lists.freedesktop.org/archives/libbsd/2019-August/000229.html
- https://usn.ubuntu.com/4243-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00043.html
- https://lists.debian.org/debian-lts-announce/2021/02/msg00027.html
- https://lists.freedesktop.org/archives/libbsd/2019-August/000229.html
- https://gitlab.freedesktop.org/libbsd/libbsd/commit/9d917aad37778a9f4a96ba358415f077f3f36f3b
Affected packages
Git / gitlab.freedesktop.org/libbsd/libbsd
Affected ranges
- Type
- GIT
- Repo
- https://gitlab.freedesktop.org/libbsd/libbsd
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.0
0.0.1
0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.2.0
0.3.0
0.4.0
0.4.1
0.4.2
0.5.0
0.5.1
0.5.2
0.6.0
0.7.0
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.8.5
0.8.6
0.8.7
0.9.0
0.9.1
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-20367.json"
vanir_signatures
[
{
"target": {
"file": "src/nlist.c"
},
"digest": {
"line_hashes": [
"196345775308584474326548203501370608928",
"117179312383696696732209002964919880424",
"30096019812250696087892895259766991307",
"67648858372622382913984756949145775050",
"246870043550956115314895576834314496114",
"308007934934988426552422046358506278415",
"8420698635247680829431571837603296816",
"208920325444813761589317409971170606869",
"234432775420817522155667897046249299351",
"72935726870559338984664214232075252684",
"136385293728070607369190962627516719091",
"213708016270590239438244198869379749218"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2019-20367-42b4aa86",
"source": "https://gitlab.freedesktop.org/libbsd/libbsd@9d917aad37778a9f4a96ba358415f077f3f36f3b",
"deprecated": false,
"signature_version": "v1"
},
{
"target": {
"file": "src/nlist.c",
"function": "__fdnlist"
},
"digest": {
"length": 2396.0,
"function_hash": "136690924035898766300959581100126504118"
},
"signature_type": "Function",
"id": "CVE-2019-20367-fac8a904",
"source": "https://gitlab.freedesktop.org/libbsd/libbsd@9d917aad37778a9f4a96ba358415f077f3f36f3b",
"deprecated": false,
"signature_version": "v1"
}
]