Incorrect Check of Function Return Value

CVE-2020-6107

Medium

5.5/10

Summary

An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-253 - Incorrect Check of Function Return Value

The software incorrectly checks a return value from a function, which prevents the software from detecting errors or exceptional conditions.

References

Advisory Timeline

Published Oct 15, 2020

Incorrect Check of Function Return Value

CVE-2020-6107

Summary

CWE-253 - Incorrect Check of Function Return Value

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS