How severe is CVE-2020-36617?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2020-36617?

This is classified as CWE-908, which is a common weakness in software security.

CVE-2020-36617 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

A vulnerability was found in ewxrjk sftpserver. It has been declared as problematic. Affected by this vulnerability is the function sftp_parse_path of the file parse.c. The manipulation leads to uninitialized pointer. The real existence of this vulnerability is still doubted at the moment. The name of the patch is bf4032f34832ee11d79aa60a226cc018e7ec5eed. It is recommended to apply a patch to fix this issue. The identifier VDB-216205 was assigned to this vulnerability. NOTE: In some deployment models this would be a vulnerability. README specifically warns about avoiding such deployment models.

Related Vulnerabilities

CVE-2008-0081

CRITICAL

CVSS:9.8(Critical)

Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Ma...

CWE-9082008

CVE-2015-8390

CRITICAL

CVSS:9.8(Critical)

PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other imp...

CWE-9082015

CVE-2018-25014

CRITICAL

CVSS:9.8(Critical)

A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().

CWE-9082018

CVE-2019-0006

CRITICAL

CVSS:9.8(Critical)

A certain crafted HTTP packet can trigger an uninitialized function pointer deference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Cha...

CWE-9082019

CVE-2019-12730

CRITICAL

CVSS:9.8(Critical)

aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables.

CWE-9082019

CVE-2019-14052

CRITICAL

CVSS:9.8(Critical)

u'Accessing an uninitialized data structure could result in partially copying of contents and thus incorrect processing' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Ind...

CWE-9082019