ID CVE-2018-18584
Summary In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
References
Vulnerable Configurations
  • cpe:2.3:a:libmspack_project:libmspack:0.5:alpha:*:*:*:*:*:*
  • cpe:2.3:a:cabextract_project:cabextract:0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract_project:cabextract:0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract_project:cabextract:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract_project:cabextract:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract_project:cabextract:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract_project:cabextract:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract_project:cabextract:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract_project:cabextract:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract_project:cabextract:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract_project:cabextract:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract_project:cabextract:1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract_project:cabextract:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract_project:cabextract:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract_project:cabextract:1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:libmspack_project:libmspack:0.4:alpha:*:*:*:*:*:*
  • cpe:2.3:a:libmspack_project:libmspack:0.3:alpha:*:*:*:*:*:*
  • cpe:2.3:a:libmspack_project:libmspack:0.6:alpha:*:*:*:*:*:*
  • cpe:2.3:a:libmspack_project:libmspack:0.7:alpha:*:*:*:*:*:*
  • cpe:2.3:a:libmspack_project:libmspack:0.7.1:alpha:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:ltss:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:ltss:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:12:ga:*:*:ltss:*:*:*
  • cpe:2.3:a:starwindsoftware:starwind_virtual_san:-:*:*:*:*:vsphere:*:*
CVSS
Base: 4.3 (as of 25-10-2022 - 16:49)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
rhsa
id RHSA-2019:2049
rpms
  • libmspack-0:0.5-0.7.alpha.el7
  • libmspack-debuginfo-0:0.5-0.7.alpha.el7
  • libmspack-devel-0:0.5-0.7.alpha.el7
refmap via4
gentoo GLSA-201903-20
misc
mlist [debian-lts-announce] 20181026 [SECURITY] [DLA 1555-1] libmspack security update
ubuntu
  • USN-3814-1
  • USN-3814-2
  • USN-3814-3
Last major update 25-10-2022 - 16:49
Published 23-10-2018 - 02:29
Last modified 25-10-2022 - 16:49