WinAVR version 20100110 contains an insecure permissions... · CVE-2020-36938 · GitHub Advisory Database · GitHub

WinAVR version 20100110 contains an insecure permissions...

High severity Unreviewed Published Jan 27, 2026 to the GitHub Advisory Database • Updated Jan 27, 2026

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

WinAVR version 20100110 contains an insecure permissions vulnerability that allows authenticated users to modify system files and executables. Attackers can leverage the overly permissive access controls to potentially modify critical DLLs and executable files in the WinAVR installation directory.

References

Published by the National Vulnerability Database

Jan 27, 2026

Published to the GitHub Advisory Database Jan 27, 2026

Last updated Jan 27, 2026

Severity

High

/ 10

CVSS v4 base metrics

Exploitability Metrics

Attack Vector Local

Attack Complexity Low

Attack Requirements None

Privileges Required Low

User interaction Active

Vulnerable System Impact Metrics

Confidentiality High

Integrity High

Availability High

Subsequent System Impact Metrics

Confidentiality None

Integrity None

Availability None

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X