Medium severity6.5NVD Advisory· Published Nov 6, 2020· Updated Jun 17, 2026
CVE-2020-28241
CVE-2020-28241
Description
libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- libmaxminddb/libmaxminddbdescription
- Range: <1.4.3
- osv-coords3 versions
< 1.4.3+ 2 more
- (no CPE)range: < 1.4.3
- (no CPE)range: < 1.2.0-10.el8_9.1
- (no CPE)range: < 1.2.0-10.el8_9.1
Patches
Vulnerability mechanics
References
7- github.com/maxmind/libmaxminddb/compare/1.4.2...1.4.3nvdPatchThird Party Advisory
- github.com/maxmind/libmaxminddb/pull/237nvdPatchThird Party Advisory
- github.com/maxmind/libmaxminddb/issues/236nvdExploitPatchThird Party Advisory
- lists.debian.org/debian-lts-announce/2020/11/msg00019.htmlnvdMailing ListThird Party Advisory
- security.gentoo.org/glsa/202011-15nvdThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WUK4UCOB5FJVK36E22IRLEYGKMUWGBG/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELTOHZBPO6XVUVADP4DPZBNQCPTYOQBV/nvd
News mentions
0No linked articles in our index yet.