VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-zxgs-3w22-aaap

Essentials
Severities (142)
References (66)
Severity details (40)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-zxgs-3w22-aaap
Aliases	CVE-2020-16845 GHSA-q6gq-997w-f55g
Summary	Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

System	Score	Found at
cvssv3.1	7.5	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00021.html
generic_textual	HIGH	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00021.html
cvssv3.1	7.5	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00028.html
generic_textual	HIGH	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00028.html
cvssv3.1	7.5	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html
generic_textual	HIGH	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html
cvssv3.1	7.5	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html
generic_textual	HIGH	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:3665
rhas	Low	https://access.redhat.com/errata/RHSA-2020:4201
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:4214
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:4297
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:5118
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:5119
rhas	Low	https://access.redhat.com/errata/RHSA-2020:5159
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:5605
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:5606
rhas	Low	https://access.redhat.com/errata/RHSA-2020:5649
rhas	Moderate	https://access.redhat.com/errata/RHSA-2021:0072
rhas	Moderate	https://access.redhat.com/errata/RHSA-2021:0172
rhas	Low	https://access.redhat.com/errata/RHSA-2021:0713
rhas	Moderate	https://access.redhat.com/errata/RHSA-2021:0799
rhas	Low	https://access.redhat.com/errata/RHSA-2021:0956
rhas	Low	https://access.redhat.com/errata/RHSA-2021:1016
rhas	Moderate	https://access.redhat.com/errata/RHSA-2021:1366
rhas	Important	https://access.redhat.com/errata/RHSA-2021:1515
rhas	Important	https://access.redhat.com/errata/RHSA-2021:2122
rhas	Moderate	https://access.redhat.com/errata/RHSA-2021:4103
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-16845.json
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00166	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00645	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00645	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00645	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.00645	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.03010	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.03010	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.03010	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.03010	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.04231	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.04231	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.04231	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.04231	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
epss	0.04231	https://api.first.org/data/v1/epss?cve=CVE-2020-16845
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7919
cvssv3.1	5.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.5	https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b
generic_textual	HIGH	https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b
cvssv3.1	7.5	https://github.com/ulikunitz/xz/issues/35
generic_textual	HIGH	https://github.com/ulikunitz/xz/issues/35
cvssv3.1	7.5	https://groups.google.com/forum/#!topic/golang-announce/NyPIaucMgXo
generic_textual	HIGH	https://groups.google.com/forum/#!topic/golang-announce/NyPIaucMgXo
cvssv3.1	7.5	https://groups.google.com/forum/#!topic/golang-announce/_ulYYcIWg3Q
generic_textual	HIGH	https://groups.google.com/forum/#!topic/golang-announce/_ulYYcIWg3Q
cvssv3.1	7.5	https://lists.debian.org/debian-lts-announce/2020/11/msg00037.html
generic_textual	HIGH	https://lists.debian.org/debian-lts-announce/2020/11/msg00037.html
cvssv3.1	7.5	https://lists.debian.org/debian-lts-announce/2020/11/msg00038.html
generic_textual	HIGH	https://lists.debian.org/debian-lts-announce/2020/11/msg00038.html
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RCFJTMKHY5ICGEM5BUFUEDDGSPJ25XU
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RCFJTMKHY5ICGEM5BUFUEDDGSPJ25XU
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWRBAH4UZJO3RROQ72SYCUPFCJFA22FO
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWRBAH4UZJO3RROQ72SYCUPFCJFA22FO
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV2VWKFTH4EJGZBZALVUJQJOAQB5MDQ4
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV2VWKFTH4EJGZBZALVUJQJOAQB5MDQ4
cvssv2	5.0	https://nvd.nist.gov/vuln/detail/CVE-2020-16845
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2020-16845
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2020-16845
cvssv3.1	7.5	https://security.netapp.com/advisory/ntap-20200924-0002
generic_textual	HIGH	https://security.netapp.com/advisory/ntap-20200924-0002
cvssv3.1	7.5	https://www.debian.org/security/2021/dsa-4848
generic_textual	HIGH	https://www.debian.org/security/2021/dsa-4848
cvssv3.1	7.5	https://www.oracle.com/security-alerts/cpuApr2021.html
generic_textual	HIGH	https://www.oracle.com/security-alerts/cpuApr2021.html

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00021.html
		http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00028.html
		http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html
		http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-16845.json
		https://api.first.org/data/v1/epss?cve=CVE-2020-16845
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15586
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16845
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7919
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3114
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b
		https://github.com/ulikunitz/xz/issues/35
		https://groups.google.com/forum/#%21topic/golang-announce/NyPIaucMgXo
		https://groups.google.com/forum/#%21topic/golang-announce/_ulYYcIWg3Q
		https://groups.google.com/forum/#!topic/golang-announce/NyPIaucMgXo
		https://groups.google.com/forum/#!topic/golang-announce/_ulYYcIWg3Q
		https://lists.debian.org/debian-lts-announce/2020/11/msg00037.html
		https://lists.debian.org/debian-lts-announce/2020/11/msg00038.html
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RCFJTMKHY5ICGEM5BUFUEDDGSPJ25XU/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWRBAH4UZJO3RROQ72SYCUPFCJFA22FO/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV2VWKFTH4EJGZBZALVUJQJOAQB5MDQ4/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RCFJTMKHY5ICGEM5BUFUEDDGSPJ25XU
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RCFJTMKHY5ICGEM5BUFUEDDGSPJ25XU/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWRBAH4UZJO3RROQ72SYCUPFCJFA22FO
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWRBAH4UZJO3RROQ72SYCUPFCJFA22FO/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV2VWKFTH4EJGZBZALVUJQJOAQB5MDQ4
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV2VWKFTH4EJGZBZALVUJQJOAQB5MDQ4/
		https://security.netapp.com/advisory/ntap-20200924-0002
		https://security.netapp.com/advisory/ntap-20200924-0002/
		https://www.debian.org/security/2021/dsa-4848
		https://www.oracle.com/security-alerts/cpuApr2021.html
cpe:2.3:a:golang:go::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go::::::::
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
cpe:2.3:o:debian:debian_linux:9.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
cpe:2.3:o:fedoraproject:fedora:31:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*
cpe:2.3:o:fedoraproject:fedora:32:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:::::::*
cpe:2.3:o:opensuse:leap:15.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*
cpe:2.3:o:opensuse:leap:15.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.2:::::::*
CVE-2020-16845		https://nvd.nist.gov/vuln/detail/CVE-2020-16845
RHBA-2020:5356		https://bugzilla.redhat.com/show_bug.cgi?id=1867099
RHSA-2020:3665		https://access.redhat.com/errata/RHSA-2020:3665
RHSA-2020:4201		https://access.redhat.com/errata/RHSA-2020:4201
RHSA-2020:4214		https://access.redhat.com/errata/RHSA-2020:4214
RHSA-2020:4297		https://access.redhat.com/errata/RHSA-2020:4297
RHSA-2020:5118		https://access.redhat.com/errata/RHSA-2020:5118
RHSA-2020:5119		https://access.redhat.com/errata/RHSA-2020:5119
RHSA-2020:5159		https://access.redhat.com/errata/RHSA-2020:5159
RHSA-2020:5605		https://access.redhat.com/errata/RHSA-2020:5605
RHSA-2020:5606		https://access.redhat.com/errata/RHSA-2020:5606
RHSA-2020:5649		https://access.redhat.com/errata/RHSA-2020:5649
RHSA-2021:0072		https://access.redhat.com/errata/RHSA-2021:0072
RHSA-2021:0172		https://access.redhat.com/errata/RHSA-2021:0172
RHSA-2021:0713		https://access.redhat.com/errata/RHSA-2021:0713
RHSA-2021:0799		https://access.redhat.com/errata/RHSA-2021:0799
RHSA-2021:0956		https://access.redhat.com/errata/RHSA-2021:0956
RHSA-2021:1016		https://access.redhat.com/errata/RHSA-2021:1016
RHSA-2021:1366		https://access.redhat.com/errata/RHSA-2021:1366
RHSA-2021:1515		https://access.redhat.com/errata/RHSA-2021:1515
RHSA-2021:2122		https://access.redhat.com/errata/RHSA-2021:2122
RHSA-2021:4103		https://access.redhat.com/errata/RHSA-2021:4103
USN-5725-1		https://usn.ubuntu.com/5725-1/
USN-5725-2		https://usn.ubuntu.com/5725-2/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00021.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00028.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-16845.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/ulikunitz/xz/issues/35

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://groups.google.com/forum/#!topic/golang-announce/NyPIaucMgXo

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://groups.google.com/forum/#!topic/golang-announce/_ulYYcIWg3Q

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2020/11/msg00037.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2020/11/msg00038.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RCFJTMKHY5ICGEM5BUFUEDDGSPJ25XU

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWRBAH4UZJO3RROQ72SYCUPFCJFA22FO

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV2VWKFTH4EJGZBZALVUJQJOAQB5MDQ4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2020-16845

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-16845

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-16845

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20200924-0002

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.debian.org/security/2021/dsa-4848

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://www.oracle.com/security-alerts/cpuApr2021.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.21835
EPSS Score	0.00084
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.