CVE-2020-36149

medium

Published — · Modified —

CVSS v3

—

CVSS v2

—

VIR risk

5.5

Description

Incorrect handling of input data in changeAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments).

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2020-36149

OS impact

OS	Version	Status	Fixed in
arch		fixed	`1.2-1`
debian	bookworm	fixed	`1.2~dfsg0-1`
debian	bullseye	fixed	`1.2~dfsg0-1`
debian	forky	fixed	`1.2~dfsg0-1`
debian	sid	fixed	`1.2~dfsg0-1`
debian	trixie	fixed	`1.2~dfsg0-1`

References

https://security-tracker.debian.org/tracker/CVE-2020-36149

Verify integrity in audit chain (admin only). AS-IS.