Lucene search

[email protected]CVE-2018-7253

HistoryFeb 19, 2018 - 11:29 p.m.

CVE-2018-7253

2018-02-1923:29:00

CWE-125

[email protected]

web.nvd.nist.gov

135

wavpack

parsedsdiffheaderconfig

denial-of-service

heap overwrite

cve-2018-7253

security vulnerability

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.9%

JSON

The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.

CPENameOperatorVersion
wavpack:wavpackwavpackeq5.1.0
debian:debian_linuxdebian debian linuxeq9.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq17.10

CPE	Name	Operator	Version
wavpack:wavpack	wavpack	eq	5.1.0
debian:debian_linux	debian debian linux	eq	9.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	17.10

References

packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html

bugs.debian.org/cgi-bin/bugreport.cgi?bug=889559

github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec

github.com/dbry/WavPack/issues/28

seclists.org/bugtraq/2019/Dec/37

usn.ubuntu.com/3578-1/

www.debian.org/security/2018/dsa-4125

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.9%

JSON

Related for CVE-2018-7253

prion1 redhatcve1 ubuntucve1 veracode1 osv2 alpinelinux1 debiancve1 nessus11 openvas12 fedora5 ubuntu1 debian2 archlinux2 freebsd1 slackware1 mageia1 suse2