Description
libmysofa before 2019-11-24 does not properly restrict recursive function calls, as demonstrated by reports of stack consumption in readOHDRHeaderMessageDatatype in dataobject.c and directblockRead in fractalhead.c. NOTE: a download of v0.9 after 2019-12-06 should fully remediate this issue.
References (3)
Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/hoene/libmysofa/issues/83
Exploit, Third Party Advisory x_refsource_misc
https://github.com/hoene/libmysofa/issues/84
Patch, Third Party Advisory x_refsource_misc
https://github.com/hoene/libmysofa/commit/2e6fac6ab6156dae8e8c6f417741388084b70d6f
Scores
CVSS v3
6.5
EPSS
0.0053
EPSS Percentile
67.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-787
Status
published
Products (1)
symonics/libmysofa
< 0.9
Published
Dec 27, 2019
Tracked Since
Feb 18, 2026