CVE-2018-18584

Beschreibung:
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.

CWE: CWE-787 CWE-915

CVSS-Bewertung
CVSS 2: MEDIUM – 4.3 (Version: 2.0)
CVSS 3: MEDIUM – 6.5 (Version: 3.1)

Links:

NVD – CVE-2018-18584
CVE – CVE-2018-18584

Link (max. 20) Quelle Tags
https://www.openwall.com/lists/oss-security/2018/10/22/1 MISC Mailing List Third Party Advisory Third Party Advisory
https://www.cabextract.org.uk/#changes MISC Product Vendor Advisory
https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2 MISC Patch Third Party Advisory
https://bugs.debian.org/911640 MISC Mailing List Third Party Advisory
[debian-lts-announce] 20181026 [SECURITY] [DLA 1555-1] libmspack security update MLIST Mailing List Third Party Advisory
USN-3814-2 UBUNTU Third Party Advisory
USN-3814-1 UBUNTU Third Party Advisory
USN-3814-3 UBUNTU Third Party Advisory
https://www.suse.com/security/cve/CVE-2018-18584/ MISC Third Party Advisory
https://packetstormsecurity.com/files/150310/Ubuntu-Security-Notice-USN-3814-3.html MISC Third Party Advisory VDB Entry
https://access.redhat.com/security/cve/cve-2018-18584 MISC Third Party Advisory
GLSA-201903-20 GENTOO Third Party Advisory
RHSA-2019:2049 REDHAT Third Party Advisory

Quelle: NVD – CVE-2018-18584
Datum Veröffentlichung: 2018-10-23T02:29Z, Datum letzte Änderung: 2021-05-12T20:52Z