Ubuntu.comUB:CVE-2018-11410CVE-2018-11410
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.011 Low
EPSS
Percentile
84.3%
An issue was discovered in Liblouis 3.5.0. A invalid free in the
compileRule function in compileTranslationTable.c allows remote attackers
to cause a denial of service (application crash) or possibly have
unspecified other impact.
Bugs
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899999>
- <https://bugzilla.redhat.com/show_bug.cgi?id=1582024>
- <https://github.com/liblouis/liblouis/issues/573>
Notes
| Author | Note |
|---|---|
| leosilva | trusty and xenial hasn’t the affected code. for artful and devel POC is not reproducible. Only bionic has core dump behaviour testing with the POC. |
References
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.011 Low
EPSS
Percentile
84.3%