Lucene search

K
amazonAmazonALAS-2019-1326
HistoryDec 13, 2019 - 9:12 p.m.

Medium: file

2019-12-1321:12:00
alas.aws.amazon.com
59
file
heap-based buffer overflow
cve-2019-18218
update
red hat
mitre

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

46.2%

Issue Overview:

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). (CVE-2019-18218)

Affected Packages:

file

Issue Correction:
Run yum update file to update your system.

New Packages:

i686:  
    file-debuginfo-5.37-8.48.amzn1.i686  
    file-devel-5.37-8.48.amzn1.i686  
    file-libs-5.37-8.48.amzn1.i686  
    file-5.37-8.48.amzn1.i686  
    file-static-5.37-8.48.amzn1.i686  
  
noarch:  
    python27-magic-5.37-8.48.amzn1.noarch  
    python26-magic-5.37-8.48.amzn1.noarch  
  
src:  
    file-5.37-8.48.amzn1.src  
  
x86_64:  
    file-libs-5.37-8.48.amzn1.x86_64  
    file-static-5.37-8.48.amzn1.x86_64  
    file-debuginfo-5.37-8.48.amzn1.x86_64  
    file-5.37-8.48.amzn1.x86_64  
    file-devel-5.37-8.48.amzn1.x86_64  

Additional References

Red Hat: CVE-2019-18218

Mitre: CVE-2019-18218

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

46.2%