CVE-2020-13545

An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based memory corruption. An attacker can entice the victim to open a document to trigger this vulnerability.

CVSS v3 7.8 HIGH
CVSS v2.0 6.8 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1162	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:softmaker:softmaker_office:2021:*:*:*:*:*:*:*

History

19 Apr 2022, 16:15

Type	Values Removed	Values Added
CWE		CWE-787

11 Jan 2021, 16:33

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.8 v3 : 7.8
References	~~(MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2020-1162 -~~	(MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2020-1162 - Exploit, Third Party Advisory
CWE		CWE-681
CPE		cpe:2.3:a:softmaker:softmaker_office:2021:::::::*

06 Jan 2021, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-01-06 15:15

Updated : 2023-12-10 13:41

NVD link : CVE-2020-13545

Mitre link : CVE-2020-13545

CVE.ORG link : CVE-2020-13545

JSON object : View

Products Affected

softmaker

softmaker_office

CWE

CWE-681

Incorrect Conversion between Numeric Types

CWE-787

Out-of-bounds Write

CWE-196

Unsigned to Signed Conversion Error

{"id": "CVE-2020-13545", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2021-01-06T15:15:14.397", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1162", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-681"}, {"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-196"}]}], "descriptions": [{"lang": "en", "value": "An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021\u2019s TextMaker application. A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based memory corruption. An attacker can entice the victim to open a document to trigger this vulnerability."}, {"lang": "es", "value": "Una vulnerabilidad de conversi\u00f3n firmada explotable en la funcionalidad de an\u00e1lisis de documentos de TextMaker de la aplicaci\u00f3n TextMaker de SoftMaker Office 2021. Un documento especialmente dise\u00f1ado puede hacer que el analizador de documentos calcule inapropiadamente una longitud usada para asignar un b\u00fafer; m\u00e1s adelante, tras usar este b\u00fafer, la aplicaci\u00f3n escribir\u00e1 fuera de sus l\u00edmites, resultando en una corrupci\u00f3n de la memoria de la regi\u00f3n heap. Un atacante puede atraer a la v\u00edctima para que abra un documento para desencadenar esta vulnerabilidad"}], "lastModified": "2022-06-07T18:37:43.567", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:softmaker:softmaker_office:2021:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "845F9D8E-FCC5-48AE-8B74-9BB12E216751"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}