Uncovering Memory Defects In Cereal (CVE 2020-11104 & CVE-2020-11105)
ForAllSecure
MAY 26, 2020
Cereal supports serialization/deserialization for three basic archive types: binary, XML, and JSON. Two CVEs: CVE-2020-11104 and CVE-2020-11105. They were both reported in March 2020 to the cereal developers as part of our responsible disclosure. n.serialize(archive); return 0; }. CVE-2020-11104.
Let's personalize your content