Lucene search

[email protected]CVE-2018-20860

HistoryJul 30, 2019 - 7:15 p.m.

CVE-2018-20860

2019-07-3019:15:00

CWE-20

[email protected]

web.nvd.nist.gov

111

libopenmpt

cve-2018-20860

security vulnerability

med files

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

50.8%

JSON

libopenmpt before 0.3.13 allows a crash with malformed MED files.

CPENameOperatorVersion
openmpt:libopenmptopenmpt libopenmptlt0.3.13
opensuse:leapopensuse leapeq15.0
opensuse:leapopensuse leapeq15.1

CPE	Name	Operator	Version
openmpt:libopenmpt	openmpt libopenmpt	lt	0.3.13
opensuse:leap	opensuse leap	eq	15.0
opensuse:leap	opensuse leap	eq	15.1

References

lists.opensuse.org/opensuse-security-announce/2019-09/msg00084.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00085.html

lib.openmpt.org/libopenmpt/2018/10/21/security-updates-0.3.13-0.2.10933-beta36-0.2.7561-beta20.5-p11-0.2.7386-beta20.3-p14/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

50.8%

JSON

Related for CVE-2018-20860

osv1 ubuntucve1 cvelist1 debiancve1 prion1 nessus3 suse2 openvas3