libmaxminddb: improper initialization in dump_entry_data_list() in maxminddb.c (CVE-2020-28241)
libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.
References:
- https://github.com/maxmind/libmaxminddb/issues/236
- https://nvd.nist.gov/vuln/detail/CVE-2020-28241
- https://github.com/maxmind/libmaxminddb/pull/237
Affected branches:
- master (39c5a644)
- 3.12-stable
- 3.11-stable
- 3.10-stable
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information