SoftMaker Office 2021 PlanMaker における整数オーバーフローの脆弱性
| Title |
SoftMaker Office 2021 PlanMaker における整数オーバーフローの脆弱性
|
| Summary |
SoftMaker Office 2021 PlanMaker には、整数オーバーフローの脆弱性、および境界外書き込みに関する脆弱性が存在します。
|
| Possible impacts |
情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。 |
| Solution |
ベンダ情報および参考情報を参照して適切な対策を実施してください。 |
| Publication Date |
Nov. 2, 2020, midnight |
| Registration Date |
Oct. 19, 2021, 5:56 p.m. |
| Last Update |
Oct. 19, 2021, 5:56 p.m. |
|
CVSS3.0 : 重要
|
| Score |
7.8
|
| Vector |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
CVSS2.0 : 警告
|
| Score |
6.8
|
| Vector |
AV:N/AC:M/Au:N/C:P/I:P/A:P |
Affected System
| SoftMaker |
|
SoftMaker Software GmbH SoftMaker Office PlanMaker 2021
|
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
その他
Change Log
| No |
Changed Details |
Date of change |
| 1 |
[2021年10月19日]
掲載 |
Oct. 19, 2021, 5:56 p.m. |
NVD Vulnerability Information
CVE-2020-13579
| Summary |
An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser perform arithmetic that may overflow which can result in an undersized heap allocation. Later when copying data from the file into this allocation, a heap-based buffer overflow will occur which can corrupt memory. These types of memory corruptions can allow for code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability.
|
| Publication Date |
Feb. 4, 2021, 4:15 p.m. |
| Registration Date |
Feb. 5, 2021, 10 a.m. |
| Last Update |
Nov. 21, 2024, 2:01 p.m. |
Affected software configurations
| Configuration1 |
or higher |
or less |
more than |
less than |
| cpe:2.3:a:softmaker:planmaker_2021:1014:*:*:*:*:*:*:* |
|
|
|
|
Related information, measures and tools
Common Vulnerabilities List