Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2018-20542

HistoryDec 28, 2018 - 4:29 p.m.

CVE-2018-20542

2018-12-2816:29:04

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

78.2%

JSON

There is a heap-based buffer-overflow at generator_spgemm_csc_reader.c (function libxsmm_sparse_csc_reader) in LIBXSMM 1.10, a different vulnerability than CVE-2018-20541 (which is in a different part of the source code and is seen at a different address).

OSVersionArchitecturePackageVersionFilename
Debian12alllibxsmm< 1.17-1libxsmm_1.17-1_all.deb
Debian999alllibxsmm< 1.17-1libxsmm_1.17-1_all.deb
Debian13alllibxsmm< 1.17-1libxsmm_1.17-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	libxsmm	< 1.17-1	libxsmm_1.17-1_all.deb
Debian	999	all	libxsmm	< 1.17-1	libxsmm_1.17-1_all.deb
Debian	13	all	libxsmm	< 1.17-1	libxsmm_1.17-1_all.deb

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

78.2%

JSON

Related for DEBIANCVE:CVE-2018-20542