An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit…
talos·CWE-456·Published 2022-02-04
An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability.
| CVSS version | Type | Source | Base score | Exploitability | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| 3.0 | Primary | cve.org | 5.8 | — | — | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
| 3.0 | Secondary | NVD | 5.8 | 3.9 | 1.4 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
| 3.1 | Primary | NVD | 6.3 | 1.8 | 4.0 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N |