6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.011 Low
EPSS
Percentile
84.4%
A flaw was found in GNU Coreutils through 8.29 in chown-core.c. The functions chown and chgrp do not prevent replacement of a plain file with a symlink during use of the POSIX “-R -L” options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition (CVE-2017-18018). A flaw was found in Gnulib before 2018-09-23. The convert_to_decimal function in vasnprintf.c has a heap-based buffer overflow because memory is not allocated for a trailing ‘\0’ character during %f processing (CVE-2018-17942).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 6 | noarch | coreutils | < 8.25-3.1 | coreutils-8.25-3.1.mga6 |
bugs.mageia.org/show_bug.cgi?id=22495
bugs.mageia.org/show_bug.cgi?id=23825
bugs.mageia.org/show_bug.cgi?id=23825
lists.fedoraproject.org/archives/list/[email protected]/thread/4ZP6L5HXDOVKYTM5ELLYE64H75MT4LZR/
lists.fedoraproject.org/archives/list/[email protected]/thread/JK2ISMPYUEU3JS3L7AVXEHWCI56INCJJ/
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.011 Low
EPSS
Percentile
84.4%