CVE-2020-11105

Severity: CRITICAL
Year: 2020
CVSS v3 Score: 9.8 (Critical)
CVSS v2 Score: 7.5 (High)

Vulnerability Description

An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::shared_ptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::shared_ptr variable goes out of scope and is freed, and a new std::shared_ptr is allocated at the same address. Serialization fidelity thereby becomes dependent upon memory layout. In short, serialized std::shared_ptr variables cannot always be expected to serialize back into their original values. This can have any number of consequences, depending on the context within which this manifests.
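The failure mode described above, reproduced in a small model as an added example (not cereal's code and not part of the advisory). `ToyArchive`, `make_pooled`, `run` and the fixed-slot pool are hypothetical names, constructed so that address reuse is deterministic; pinning owners for the archive's lifetime is shown as one possible mitigation.

```cpp
#include <iostream>
#include <map>
#include <memory>
#include <new>
#include <string>
#include <vector>

// Constructed pool: always hands out the lowest free slot, so an address is
// reused deterministically as soon as its previous owner is released.
static int slots[4]; static bool used[4];

std::shared_ptr<int> make_pooled(int value) {
    for (int i = 0; i < 4; ++i) {
        if (used[i]) continue;
        used[i] = true;
        slots[i] = value;
        return std::shared_ptr<int>(&slots[i], [i](int*) { used[i] = false; });
    }
    throw std::bad_alloc();
}

// Toy archive: the first sight of an address writes the value and assigns an
// id; any later sight of that address writes only a back-reference.
struct ToyArchive {
    bool pin;                                         // hardened mode
    std::map<const void*, unsigned> ids;              // raw address -> id
    std::vector<std::shared_ptr<const void>> pinned;  // keeps owners alive
    std::vector<std::string> out;                     // serialized records
    void save(const std::shared_ptr<int>& p) {
        auto it = ids.find(p.get());
        if (it != ids.end()) { out.push_back("ref#" + std::to_string(it->second)); return; }
        unsigned id = static_cast<unsigned>(ids.size()) + 1;
        ids[p.get()] = id;
        if (pin) pinned.push_back(p);  // address cannot be recycled while pinned
        out.push_back("new#" + std::to_string(id) + "=" + std::to_string(*p));
    }
};

std::vector<std::string> run(bool pin) {
    ToyArchive ar{pin, {}, {}, {}};
    { auto a = make_pooled(1); ar.save(a); }  // a released here unless pinned
    auto b = make_pooled(2);                  // unpinned: lands on a's old address
    ar.save(b);
    return ar.out;
}

int main() {
    for (bool pin : {false, true}) for (const auto& r : run(pin)) std::cout << pin << " " << r << "\n";
}
```

In the unpinned run the second record is `ref#1`, so a reader of the stream would reconstruct the value 1 where 2 was saved.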

CVSS:9.8(Critical)

The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of s...

CVSS:9.8(Critical)

An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and ...

CVSS:9.8(Critical)

In a2dp_aac_decoder_cleanup of a2dp_aac_decoder.cc, there is a possible invalid free due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. ...

CVSS:9.8(Critical)

An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior ...

CVSS:9.8(Critical)

aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap.

CVSS:8.8(High)

Xenstore: Guests can crash xenstored. Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xens...