VYPR
Unrated severityNVD Advisory· Published Oct 23, 2020· Updated Aug 4, 2024

CVE-2020-9331

CVE-2020-9331

Description

CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Privilege Escalation (by local users with the SeChangeNotifyPrivilege right) because user-mode input is mishandled during process creation. An attacker can write arbitrary data to an arbitrary location in the kernel's address space.

Affected products

2
  • CryptoPro/CSPdescription
  • CryptoPro/CSPllm-fuzzy
    Range: <=5.0.0.10004

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.