Home > Vulnerability Database > CVE-2020-36402

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2020-36402

Date: June 30, 2021

Solidity 0.7.5 has a stack-use-after-return issue in smtutil::CHCSmtLib2Interface::querySolver. NOTE: c39a5e2b7a3fabbf687f53a2823fc087be6c1a7e is cited in the OSV "fixed" field but does not have a code change.

Language: C++

Severity Score

7.8

Related Resources (5)

Url: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/solidity/OSV-2020-2131.yaml

Url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26997

Url: https://github.com/ethereum/solidity/commit/c39a5e2b7a3fabbf687f53a2823fc087be6c1a7e

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-36402

Url: https://www.mend.io/vulnerability-database/CVE-2020-36402

Severity Score

7.8

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Do you need more information?

Contact Us