CVE-2020-11104: Improper Restriction of Operations within the Bounds of a Memory Buffer

March 30, 2020 (updated July 21, 2021)

An issue was discovered in USC iLab cereal. Serialization of an (initialized) C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information (such as memory layout or private keys) can be gleaned if the archive is distributed outside a trusted context.

References

nvd.nist.gov/vuln/detail/CVE-2020-11104

Code Behaviors & Features

Detect and mitigate CVE-2020-11104 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →