| ID |
CVE-2018-18751
|
| Summary |
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:gnu:gettext:0.19.8:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gettext:0.19.8:*:*:*:*:*:*:*
-
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
-
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
-
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
-
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
-
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
-
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 7.5 (as of 08-09-2020 - 18:15) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-415 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| redhat
via4
|
| advisories | | bugzilla | | id | 1647043 | | title | CVE-2018-18751 gettext: double free in default_add_message in read-catalog.c |
| | oval | | OR | | comment | Red Hat Enterprise Linux must be installed | | oval | oval:com.redhat.rhba:tst:20070304026 |
| AND | | comment | Red Hat Enterprise Linux 8 is installed | | oval | oval:com.redhat.rhba:tst:20193384074 |
| OR | | AND | | comment | gettext is earlier than 0:0.19.8.1-17.el8 | | oval | oval:com.redhat.rhsa:tst:20193643001 |
| comment | gettext is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20193643002 |
|
| AND | | comment | gettext-common-devel is earlier than 0:0.19.8.1-17.el8 | | oval | oval:com.redhat.rhsa:tst:20193643003 |
| comment | gettext-common-devel is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20193643004 |
|
| AND | | comment | gettext-debugsource is earlier than 0:0.19.8.1-17.el8 | | oval | oval:com.redhat.rhsa:tst:20193643005 |
| comment | gettext-debugsource is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20193643006 |
|
| AND | | comment | gettext-devel is earlier than 0:0.19.8.1-17.el8 | | oval | oval:com.redhat.rhsa:tst:20193643007 |
| comment | gettext-devel is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20193643008 |
|
| AND | | comment | gettext-libs is earlier than 0:0.19.8.1-17.el8 | | oval | oval:com.redhat.rhsa:tst:20193643009 |
| comment | gettext-libs is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20193643010 |
|
|
|
|
| | rhsa | | id | RHSA-2019:3643 | | released | 2019-11-05 | | severity | Low | | title | RHSA-2019:3643: gettext security update (Low) |
|
| bugzilla | | id | 1788414 | | title | [gettext] preuninstall scripts in TPS tests are failing for 2019:45774 |
| | oval | | OR | | comment | Red Hat Enterprise Linux must be installed | | oval | oval:com.redhat.rhba:tst:20070304026 |
| AND | | comment | Red Hat Enterprise Linux 7 is installed | | oval | oval:com.redhat.rhba:tst:20150364027 |
| OR | | AND | | comment | emacs-gettext is earlier than 0:0.19.8.1-3.el7 | | oval | oval:com.redhat.rhsa:tst:20201138001 |
| comment | emacs-gettext is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20201138002 |
|
| AND | | comment | gettext is earlier than 0:0.19.8.1-3.el7 | | oval | oval:com.redhat.rhsa:tst:20201138003 |
| comment | gettext is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20193643002 |
|
| AND | | comment | gettext-common-devel is earlier than 0:0.19.8.1-3.el7 | | oval | oval:com.redhat.rhsa:tst:20201138005 |
| comment | gettext-common-devel is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20193643004 |
|
| AND | | comment | gettext-devel is earlier than 0:0.19.8.1-3.el7 | | oval | oval:com.redhat.rhsa:tst:20201138007 |
| comment | gettext-devel is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20193643008 |
|
| AND | | comment | gettext-libs is earlier than 0:0.19.8.1-3.el7 | | oval | oval:com.redhat.rhsa:tst:20201138009 |
| comment | gettext-libs is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20193643010 |
|
|
|
|
| | rhsa | | id | RHSA-2020:1138 | | released | 2020-03-31 | | severity | Low | | title | RHSA-2020:1138: gettext security and bug fix update (Low) |
|
| | rpms | - gettext-0:0.19.8.1-17.el8
- gettext-common-devel-0:0.19.8.1-17.el8
- gettext-debuginfo-0:0.19.8.1-17.el8
- gettext-debugsource-0:0.19.8.1-17.el8
- gettext-devel-0:0.19.8.1-17.el8
- gettext-devel-debuginfo-0:0.19.8.1-17.el8
- gettext-libs-0:0.19.8.1-17.el8
- gettext-libs-debuginfo-0:0.19.8.1-17.el8
- emacs-gettext-0:0.19.8.1-3.el7
- gettext-0:0.19.8.1-3.el7
- gettext-common-devel-0:0.19.8.1-3.el7
- gettext-debuginfo-0:0.19.8.1-3.el7
- gettext-devel-0:0.19.8.1-3.el7
- gettext-libs-0:0.19.8.1-3.el7
- emacs-gettext-0:0.19.8.1-3.el7_7
- gettext-0:0.19.8.1-3.el7_7
- gettext-common-devel-0:0.19.8.1-3.el7_7
- gettext-debuginfo-0:0.19.8.1-3.el7_7
- gettext-devel-0:0.19.8.1-3.el7_7
- gettext-libs-0:0.19.8.1-3.el7_7
- emacs-gettext-0:0.19.8.1-3.el7_6
- gettext-0:0.19.8.1-3.el7_6
- gettext-common-devel-0:0.19.8.1-3.el7_6
- gettext-debuginfo-0:0.19.8.1-3.el7_6
- gettext-devel-0:0.19.8.1-3.el7_6
- gettext-libs-0:0.19.8.1-3.el7_6
|
|
| refmap
via4
|
| misc | | | suse | - openSUSE-SU-2020:1270
- openSUSE-SU-2020:1278
- openSUSE-SU-2020:1385
| | ubuntu | |
|
| Last major update |
08-09-2020 - 18:15 |
| Published |
29-10-2018 - 12:29 |
| Last modified |
08-09-2020 - 18:15 |
