CVE Vulnerabilities

CVE-2020-13577

NULL Pointer Dereference

Published: Feb 10, 2021 | Modified: Mar 01, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Gsoap Genivia 2.8.107 (including) 2.8.107 (including)
Gsoap Ubuntu bionic *
Gsoap Ubuntu esm-apps/bionic *
Gsoap Ubuntu esm-apps/focal *
Gsoap Ubuntu esm-apps/jammy *
Gsoap Ubuntu focal *
Gsoap Ubuntu groovy *
Gsoap Ubuntu hirsute *
Gsoap Ubuntu impish *
Gsoap Ubuntu jammy *
Gsoap Ubuntu kinetic *
Gsoap Ubuntu trusty *
Gsoap Ubuntu upstream *
Gsoap Ubuntu xenial *

Potential Mitigations

References