{"id":"CVE-2019-20367","details":"nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).","modified":"2026-04-16T01:43:13.149355915Z","published":"2020-01-08T17:15:11.757Z","related":["SUSE-SU-2020:1298-1","openSUSE-SU-2020:0679-1"],"database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*","extracted_events":[{"last_affected":"12.04"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","extracted_events":[{"last_affected":"14.04"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","extracted_events":[{"last_affected":"16.04"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","extracted_events":[{"last_affected":"18.04"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"19.04"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"9.0"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"15.1"}],"source":"CPE_FIELD"}]},"references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/r0e913668380f59bcbd14fdd8ae8d24f95f99995e290cd18a7822c6e5%40%3Cdev.tomee.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/ra781e51cf1ec40381c98cddc073b3576fb56c3978f4564d2fa431550%40%3Cdev.tomee.apache.org%3E"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00043.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/02/msg00027.html"},{"type":"ADVISORY","url":"https://lists.freedesktop.org/archives/libbsd/2019-August/000229.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4243-1/"},{"type":"EVIDENCE","url":"https://gitlab.freedesktop.org/libbsd/libbsd/commit/9d917aad37778a9f4a96ba358415f077f3f36f3b"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.freedesktop.org/libbsd/libbsd","events":[{"introduced":"0"},{"fixed":"a11c98a6b5f57666260a5a4792404d81d59e418d"},{"fixed":"9d917aad37778a9f4a96ba358415f077f3f36f3b"}],"database_specific":{"cpe":"cpe:2.3:a:freedesktop:libbsd:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"0.10.0"}],"source":["CPE_FIELD","REFERENCES"]}}],"versions":["0.0","0.0.1","0.1.0","0.1.1","0.1.2","0.1.3","0.1.4","0.1.5","0.1.6","0.2.0","0.3.0","0.4.0","0.4.1","0.4.2","0.5.0","0.5.1","0.5.2","0.6.0","0.7.0","0.8.0","0.8.1","0.8.2","0.8.3","0.8.4","0.8.5","0.8.6","0.8.7","0.9.0","0.9.1"],"database_specific":{"vanir_signatures_modified":"2026-04-11T21:02:05Z","vanir_signatures":[{"signature_type":"Line","signature_version":"v1","deprecated":false,"digest":{"line_hashes":["196345775308584474326548203501370608928","117179312383696696732209002964919880424","30096019812250696087892895259766991307","67648858372622382913984756949145775050","246870043550956115314895576834314496114","308007934934988426552422046358506278415","8420698635247680829431571837603296816","208920325444813761589317409971170606869","234432775420817522155667897046249299351","72935726870559338984664214232075252684","136385293728070607369190962627516719091","213708016270590239438244198869379749218"],"threshold":0.9},"id":"CVE-2019-20367-42b4aa86","target":{"file":"src/nlist.c"},"source":"https://gitlab.freedesktop.org/libbsd/libbsd@9d917aad37778a9f4a96ba358415f077f3f36f3b"},{"deprecated":false,"signature_version":"v1","target":{"function":"__fdnlist","file":"src/nlist.c"},"digest":{"function_hash":"136690924035898766300959581100126504118","length":2396},"id":"CVE-2019-20367-fac8a904","signature_type":"Function","source":"https://gitlab.freedesktop.org/libbsd/libbsd@9d917aad37778a9f4a96ba358415f077f3f36f3b"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-20367.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}]}