CVE-2020-8859: 
Linux Debian vulnerability analysis and mitigation

CVE-2020-8859 is a vulnerability discovered in ELOG Electronic Logbook version 3.1.4-283534d that allows remote attackers to create a denial-of-service condition. The vulnerability was reported by Asif Akbar of Trend Micro Security Research and was publicly disclosed on February 12, 2020. The issue affects the processing of HTTP parameters in the ELOG Electronic Logbook software (ZDI Advisory, Vendor Advisory).

The vulnerability is classified as a NULL Pointer Dereference (CWE-476) within the processing of HTTP parameters. When exploited, it triggers the dereference of a null pointer. The vulnerability has received a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H from NVD, while Zero Day Initiative assessed it with a CVSS v3.0 score of 5.3 (MEDIUM) (NVD).

When successfully exploited, this vulnerability can be leveraged by attackers to create a denial-of-service condition on affected installations of ELOG Electronic Logbook. The impact is primarily focused on system availability, with no direct impact on confidentiality or integrity (ZDI Advisory).

The vulnerability has been fixed in version 3.1.4-033e292. Users are advised to upgrade to this version or later. The fix is available through the RPM package at http://elog.psi.ch/elog/download/RPMS/elog-latest.x86_64.rpm (Vendor Advisory).