CVE-2020-28241 Information

Description

libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.

Reference

https://github.com/maxmind/libmaxminddb/compare/1.4.2…1.4.3 https://github.com/maxmind/libmaxminddb/issues/236 https://github.com/maxmind/libmaxminddb/pull/237 https://lists.debian.org/debian-lts-announce/2020/11/msg00019.html