CVE-2018-18585

2018-10-2200:00:00

ubuntu.com

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

75.0%

JSON

chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a
filename that has ‘\0’ as its first or second character (such as the “/\0”
name).

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911637>

Notes

Author	Note
alexmurray	We released clamav 0.100.2+dfsg-1ubuntu0.1X.04.2 for precise/esm and trusty, but subsequently were notified the bundled libmspack is not actually vulnerable in this case, because ClamAV assigns a filename with a generated hash.

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchclamav< 0.100.2+dfsg-1ubuntu0.14.04.2UNKNOWN
ubuntu18.04noarchlibmspack< 0.6-3ubuntu0.2UNKNOWN
ubuntu18.10noarchlibmspack< 0.7-1ubuntu0.1UNKNOWN
ubuntu14.04noarchlibmspack< anyUNKNOWN
ubuntu16.04noarchlibmspack< 0.5-1ubuntu0.16.04.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	14.04	noarch	clamav	< 0.100.2+dfsg-1ubuntu0.14.04.2	UNKNOWN
ubuntu	18.04	noarch	libmspack	< 0.6-3ubuntu0.2	UNKNOWN
ubuntu	18.10	noarch	libmspack	< 0.7-1ubuntu0.1	UNKNOWN
ubuntu	14.04	noarch	libmspack	< any	UNKNOWN
ubuntu	16.04	noarch	libmspack	< 0.5-1ubuntu0.16.04.3	UNKNOWN