CVE-2020-15904: Out-of-bounds Write

July 22, 2020 (updated July 31, 2020)

A buffer overflow in the patching routine of bsdiff4 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch file.

References

nvd.nist.gov/vuln/detail/CVE-2020-15904

Detect and mitigate CVE-2020-15904 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →