Lucene search

[email protected]CVE-2018-25033

HistoryMay 08, 2022 - 6:15 a.m.

CVE-2018-25033

2022-05-0806:15:06

CWE-125

[email protected]

web.nvd.nist.gov

admesh

cve-2018-25033

buffer over-read

security vulnerability

libadmesh.a

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

7.9 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

0.002 Low

EPSS

Percentile

59.9%

JSON

ADMesh through 0.98.4 has a heap-based buffer over-read in stl_update_connects_remove_1 (called from stl_remove_degenerate) in connect.c in libadmesh.a.

Affected configurations

NVD

Node

admesh_projectadmeshRange≤0.98.4

Node

debiandebian_linuxMatch9.0

CPENameOperatorVersion
admesh_project:admeshadmesh project admeshle0.98.4

CPE	Name	Operator	Version
admesh_project:admesh	admesh project admesh	le	0.98.4

References

github.com/admesh/admesh/issues/28

lists.debian.org/debian-lts-announce/2022/05/msg00029.html

Social References

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

7.9 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

0.002 Low

EPSS

Percentile

59.9%

JSON

Related for CVE-2018-25033

prion1 osv4 mageia1 openvas2 debian1 ubuntucve1 cvelist1 nessus1 nvd1 github1 debiancve1 veracode1