CVE-2018-16863

EPSS 0.08%
Veröffentlicht 03.12.2018 17:29:00
Zuletzt bearbeitet 21.11.2024 03:53:28
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Artifex ≫ Ghostscript Version9.07

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Aus Version7.6

Redhat ≫ Enterprise Linux Server Eus Version7.6

Redhat ≫ Enterprise Linux Server Tus Version7.6

Redhat ≫ Enterprise Linux Workstation Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.253

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C
secalert@redhat.com	7.3	3.9	3.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-184 Incomplete List of Disallowed Inputs

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=520bb0ea7519

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=5516c614dc33

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=78911a01b67d

http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=79cccf641486

https://access.redhat.com/errata/RHSA-2018:3761

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16863

Patch

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2018-16863

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-16863

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-16863

EUVD