CVE-2020-15904
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-15904
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15904.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-15904
- Aliases
- Published
- 2020-07-22T23:15:11.330Z
- Modified
- 2025-11-14T10:52:16.776306Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch file.
- References
Affected packages
Git / github.com/ilanschnell/bsdiff4
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ilanschnell/bsdiff4
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
vanir_signatures
[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"340220858517578814907242374715912337294",
"249112512010043413667638327401764711275",
"189019597522981605886487086948941746768",
"168663676184366194950515564497195890779",
"149900700182757724265752921310883031126",
"9488832237023589447927045093353610056",
"162976897186473734919379098591521326167",
"318887190277594465809371203738702984476",
"219265411217723584566294589037845646733"
]
},
"target": {
"file": "bsdiff4/core.c"
},
"signature_version": "v1",
"id": "CVE-2020-15904-3e8f5ee8",
"deprecated": false,
"source": "https://github.com/ilanschnell/bsdiff4/commit/49a4cee2feef7deaf9d89e5e793a8824930284d7",
"signature_type": "Line"
},
{
"digest": {
"function_hash": "322173807638438432450463636713655710926",
"length": 1613.0
},
"target": {
"file": "bsdiff4/core.c",
"function": "patch"
},
"signature_version": "v1",
"id": "CVE-2020-15904-71af10c9",
"deprecated": false,
"source": "https://github.com/ilanschnell/bsdiff4/commit/49a4cee2feef7deaf9d89e5e793a8824930284d7",
"signature_type": "Function"
}
]