4.3

CVE-2018-18585

Exploit
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KyzerLibmspack Version0.3 Updatealpha
KyzerLibmspack Version0.4 Updatealpha
KyzerLibmspack Version0.5 Updatealpha
KyzerLibmspack Version0.6 Updatealpha
KyzerLibmspack Version0.7 Updatealpha
DebianDebian Linux Version8.0
CanonicalUbuntu Linux Version12.04 SwEditionesm
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
SuseLinux Enterprise Server Version11 Updatesp3 SwEditionltss
SuseLinux Enterprise Server Version12 Updatega SwEditionltss
SuseLinux Enterprise Server Version12 Updatesp1 SwEditionltss
SuseLinux Enterprise Server Version12 Updatesp2 SwEditionltss
StarwindsoftwareStarwind Virtual San Version- SwPlatformvsphere
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.06% 0.859
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://security.gentoo.org/glsa/201903-20
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2049
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/10/msg00017.html
Third Party Advisory
Mailing List
https://usn.ubuntu.com/3814-1/
Third Party Advisory
https://usn.ubuntu.com/3814-2/
Third Party Advisory
https://usn.ubuntu.com/3814-3/
Third Party Advisory
https://www.openwall.com/lists/oss-security/2018/10/22/1
Patch
Third Party Advisory
Mailing List
https://bugs.debian.org/911637
Third Party Advisory
Mailing List
Issue Tracking
https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f
Third Party Advisory
Exploit
https://www.starwindsoftware.com/security/sw-20181213-0002/
Third Party Advisory