CVE-2020-22617 - Vulnerability Details - OpenCVE

Ardour v5.12 contains a use-after-free vulnerability in the component ardour/libs/pbd/xml++.cc when using xmlFreeDoc and xmlXPathFreeContext.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ardour	Ardour

Configuration 1 [-]

cpe:2.3:a:ardour:ardour:5.12:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/Ardour/ardour/commit/96daa4036a
https://tracker.ardour.org/view.php?id=7926

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-10-08T19:06:57

Updated: 2024-08-04T14:51:11.110Z

Reserved: 2020-08-13T00:00:00

Link: CVE-2020-22617

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-10-08T20:15:07.330

Modified: 2024-11-21T05:13:19.450

Link: CVE-2020-22617

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Ardour v5.12 contains a use-after-free vulnerability in the component ardour/libs/pbd/xml++.cc when using xmlFreeDoc and xmlXPathFreeContext."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-10-08T19:06:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://tracker.ardour.org/view.php?id=7926"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Ardour/ardour/commit/96daa4036a"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-22617", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Ardour v5.12 contains a use-after-free vulnerability in the component ardour/libs/pbd/xml++.cc when using xmlFreeDoc and xmlXPathFreeContext."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://tracker.ardour.org/view.php?id=7926", "refsource": "MISC", "url": "https://tracker.ardour.org/view.php?id=7926"}, {"name": "https://github.com/Ardour/ardour/commit/96daa4036a", "refsource": "MISC", "url": "https://github.com/Ardour/ardour/commit/96daa4036a"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T14:51:11.110Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://tracker.ardour.org/view.php?id=7926"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Ardour/ardour/commit/96daa4036a"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-22617", "datePublished": "2021-10-08T19:06:57", "dateReserved": "2020-08-13T00:00:00", "dateUpdated": "2024-08-04T14:51:11.110Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ardour:ardour:5.12:*:*:*:*:*:*:*", "matchCriteriaId": "AC849A7C-5C56-4723-BB28-F8BA27E16C17", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Ardour v5.12 contains a use-after-free vulnerability in the component ardour/libs/pbd/xml++.cc when using xmlFreeDoc and xmlXPathFreeContext."}, {"lang": "es", "value": "Ardour versi\u00f3n v5.12, contiene una vulnerabilidad de uso de memoria previamente liberada en el componente ardour/libs/pbd/xml++.cc cuando son usados xmlFreeDoc y xmlXPathFreeContext"}], "id": "CVE-2020-22617", "lastModified": "2024-11-21T05:13:19.450", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-08T20:15:07.330", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Ardour/ardour/commit/96daa4036a"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://tracker.ardour.org/view.php?id=7926"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Ardour/ardour/commit/96daa4036a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tracker.ardour.org/view.php?id=7926"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}