CVE-2020-10646: Buffer Overflow
First published: Mon Apr 13 2020(Updated: )
Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated to read data, when parsing VPR files, is too small.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fujielectric V-server | <4.0.9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-10646?
CVE-2020-10646 is a vulnerability in Fuji Electric V-Server Lite versions prior to 4.0.9.0 that allows for a heap-based buffer overflow.
How severe is CVE-2020-10646?
CVE-2020-10646 has a severity score of 7.8 (high).
How does CVE-2020-10646 affect Fuji Electric V-Server Lite?
CVE-2020-10646 affects Fuji Electric V-Server Lite versions prior to 4.0.9.0 by causing a heap-based buffer overflow when parsing VPR files.
What is a heap-based buffer overflow?
A heap-based buffer overflow is a vulnerability where a program writes more data to a buffer in the heap memory than it can handle, leading to memory corruption and potentially arbitrary code execution.
How can I fix CVE-2020-10646?
To fix CVE-2020-10646, you should update Fuji Electric V-Server Lite to version 4.0.9.0 or later.
- collector/nvd-index
- vendor/fujielectric
- canonical/fujielectric v-server