{"id":"CVE-2020-15904","details":"A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch file.","aliases":["GHSA-f8m3-jpxr-hm5x","PYSEC-2020-30"],"modified":"2026-03-14T10:06:49.039031Z","published":"2020-07-22T23:15:11.330Z","references":[{"type":"ADVISORY","url":"https://github.com/ilanschnell/bsdiff4/blob/master/CHANGELOG.txt"},{"type":"FIX","url":"https://github.com/ilanschnell/bsdiff4/commit/49a4cee2feef7deaf9d89e5e793a8824930284d7"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ilanschnell/bsdiff4","events":[{"introduced":"0"},{"fixed":"0b2b452102716c5f0ec1a4575f9ee4a32583075c"},{"fixed":"49a4cee2feef7deaf9d89e5e793a8824930284d7"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.2.0"}]}}],"versions":["1.0.0","1.0.1","1.1.0","1.1.1","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.1.7","1.1.8","1.1.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15904.json","vanir_signatures":[{"signature_type":"Line","id":"CVE-2020-15904-3e8f5ee8","source":"https://github.com/ilanschnell/bsdiff4/commit/49a4cee2feef7deaf9d89e5e793a8824930284d7","target":{"file":"bsdiff4/core.c"},"signature_version":"v1","deprecated":false,"digest":{"line_hashes":["340220858517578814907242374715912337294","249112512010043413667638327401764711275","189019597522981605886487086948941746768","168663676184366194950515564497195890779","149900700182757724265752921310883031126","9488832237023589447927045093353610056","162976897186473734919379098591521326167","318887190277594465809371203738702984476","219265411217723584566294589037845646733"],"threshold":0.9}},{"signature_type":"Function","id":"CVE-2020-15904-71af10c9","source":"https://github.com/ilanschnell/bsdiff4/commit/49a4cee2feef7deaf9d89e5e793a8824930284d7","target":{"function":"patch","file":"bsdiff4/core.c"},"signature_version":"v1","deprecated":false,"digest":{"length":1613,"function_hash":"322173807638438432450463636713655710926"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}