libmaxminddb: improper initialization in dump_entry_data_list() in maxminddb.c (CVE-2020-28241)
libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.
References:
- https://github.com/maxmind/libmaxminddb/issues/236
- https://nvd.nist.gov/vuln/detail/CVE-2020-28241
- https://github.com/maxmind/libmaxminddb/pull/237
Affected branches:
-
master (39c5a644) -
3.12-stable -
3.11-stable -
3.10-stable
Edited by Leo