VIR Vulnerability Intelligence Relay

CVE-2020-13934

high
Published 2022-02-08 · Modified 2026-05-20
CVSS v3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v2
VIR risk
8.0

Description

Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat

Predictions

Exploit likelihood
30%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2020-13934

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2020-13934.html

OS impact
OSVersionStatusFixed in
arch archfixed9.0.37-1
suse slesaffected
debian debianbookwormfixed9.0.37-1
debian debianbullseyefixed9.0.37-1
debian debianforkyfixed9.0.37-1
debian debiansidfixed9.0.37-1
debian debiantrixiefixed9.0.37-1

Package impact
EcosystemPackageVulnerableFixed
java Mavenorg.apache.tomcat:tomcat>=10.0.0-M1,<10.0.0-M610.0.0-M6
java Mavenorg.apache.tomcat:tomcat>=9.0.0.M5,<9.0.369.0.36
java Mavenorg.apache.tomcat:tomcat>=8.5.1,<8.5.568.5.56
java Mavenorg.apache.tomcat:tomcat-coyote>=10.0.0-M1,<10.0.0-M610.0.0-M6
java Mavenorg.apache.tomcat:tomcat-coyote>=9.0.0.M5,<9.0.369.0.36
java Mavenorg.apache.tomcat:tomcat-coyote>=8.5.1,<8.5.568.5.56
java MAVENorg.apache.tomcat:tomcat-coyote>= 8.5.1, < 8.5.568.5.56
java MAVENorg.apache.tomcat:tomcat-coyote>= 9.0.0.M5, < 9.0.369.0.36
java MAVENorg.apache.tomcat:tomcat-coyote>= 10.0.0-M1, <= 10.0.0-M510.0.0-M6
java MAVENorg.apache.tomcat:tomcat>= 8.5.1, < 8.5.568.5.56
java MAVENorg.apache.tomcat:tomcat>= 9.0.0.M5, < 9.0.369.0.36
java MAVENorg.apache.tomcat:tomcat>= 10.0.0-M1, <= 10.0.0-M510.0.0-M6

References

Verify integrity in audit chain (admin only). AS-IS.