ID CVE-2018-18585
Summary chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).
References
Vulnerable Configurations
  • cpe:2.3:a:kyzer:libmspack:0.3:alpha:*:*:*:*:*:*
    cpe:2.3:a:kyzer:libmspack:0.3:alpha:*:*:*:*:*:*
  • cpe:2.3:a:kyzer:libmspack:0.4:alpha:*:*:*:*:*:*
    cpe:2.3:a:kyzer:libmspack:0.4:alpha:*:*:*:*:*:*
  • cpe:2.3:a:kyzer:libmspack:0.5:alpha:*:*:*:*:*:*
    cpe:2.3:a:kyzer:libmspack:0.5:alpha:*:*:*:*:*:*
  • cpe:2.3:a:kyzer:libmspack:0.6:alpha:*:*:*:*:*:*
    cpe:2.3:a:kyzer:libmspack:0.6:alpha:*:*:*:*:*:*
  • cpe:2.3:a:kyzer:libmspack:0.7:alpha:*:*:*:*:*:*
    cpe:2.3:a:kyzer:libmspack:0.7:alpha:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*
    cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:12:ga:*:*:ltss:*:*:*
    cpe:2.3:o:suse:linux_enterprise_server:12:ga:*:*:ltss:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:ltss:*:*:*
    cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:ltss:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:ltss:*:*:*
    cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:ltss:*:*:*
CVSS
Base: 4.3 (as of 06-08-2019 - 17:15)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1644215
title CVE-2018-18585 libmspack: chmd_read_headers() fails to reject filenames containing NULL bytes
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 7 is installed
      oval oval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • comment libmspack is earlier than 0:0.5-0.7.alpha.el7
          oval oval:com.redhat.rhsa:tst:20192049001
        • comment libmspack is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20183327002
      • AND
        • comment libmspack-devel is earlier than 0:0.5-0.7.alpha.el7
          oval oval:com.redhat.rhsa:tst:20192049003
        • comment libmspack-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20183327004
rhsa
id RHSA-2019:2049
released 2019-08-06
severity Moderate
title RHSA-2019:2049: libmspack security update (Moderate)
rpms
  • libmspack-0:0.5-0.7.alpha.el7
  • libmspack-debuginfo-0:0.5-0.7.alpha.el7
  • libmspack-devel-0:0.5-0.7.alpha.el7
refmap via4
gentoo GLSA-201903-20
misc
mlist [debian-lts-announce] 20181026 [SECURITY] [DLA 1555-1] libmspack security update
ubuntu
  • USN-3814-1
  • USN-3814-2
  • USN-3814-3
Last major update 06-08-2019 - 17:15
Published 23-10-2018 - 02:29
Last modified 06-08-2019 - 17:15
Back to Top