Bug 1193873 (CVE-2020-36428) - VUL-0: CVE-2020-36428: matio: heap-based buffer overflow in ReadInt32DataDouble
Summary: VUL-0: CVE-2020-36428: matio: heap-based buffer overflow in ReadInt32DataDouble
Status: RESOLVED FIXED
Alias: CVE-2020-36428
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Version: Leap 15.3
Hardware: Other Other
Priority: P3 - Medium, Severity: Normal
Target Milestone: ---
Assignee: Atri Bhattacharya
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/304604/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-12-17 15:39 UTC by Gabriele Sonnu
Modified: 2022-12-08 08:12 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Comment 1 Gabriele Sonnu 2021-12-17 15:40:32 UTC
Packages:

 - openSUSE:Backports:SLE-15-SP4/matio  1.5.21
 - openSUSE:Factory/matio               1.5.21

No references to a fix for now.
Comment 2 Swamp Workflow Management 2022-12-08 02:19:49 UTC
openSUSE-SU-2022:10235-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1193873,1193874
CVE References: CVE-2020-36428,CVE-2021-36977
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP4 (src):    matio-1.5.23-bp154.2.3.1
Comment 3 Marcus Meissner 2022-12-08 08:12:51 UTC
factory also has 1.5.23 now.