Vulnerability CVE-2018-18584: Information
Description
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
cabextract | sisyphus | 1.11-alt1 | 1.11-alt1 | ALT-PU-2023-1663-1 | 319134 | Fixed |
cabextract | sisyphus_e2k | 1.11-alt1 | 1.11-alt1 | ALT-PU-2023-3277-1 | - | Fixed |
cabextract | sisyphus_riscv64 | 1.11-alt1 | 1.11-alt1 | ALT-PU-2023-3327-1 | - | Fixed |
cabextract | p10 | 1.11-alt1 | 1.7-alt1 | ALT-PU-2024-8946-2 | 350768 | Testing |
cabextract | p11 | 1.11-alt1 | 1.11-alt1 | ALT-PU-2023-1663-1 | 319134 | Fixed |
libmspack | sisyphus | 0.6-alt2 | 1.11-alt1 | ALT-PU-2021-1110-1 | 265030 | Fixed |
libmspack | p10 | 0.6-alt2 | 0.6-alt2 | ALT-PU-2021-1110-1 | 265030 | Fixed |
libmspack | p9 | 0.6-alt2 | 0.6-alt2 | ALT-PU-2021-1165-1 | 265031 | Fixed |
libmspack | c10f1 | 0.6-alt2 | 0.6-alt2 | ALT-PU-2021-1110-1 | 265030 | Fixed |
libmspack | c9f2 | 0.6-alt2 | 0.6-alt2 | ALT-PU-2023-1005-1 | 312692 | Fixed |
libmspack | p11 | 0.6-alt2 | 1.11-alt1 | ALT-PU-2021-1110-1 | 265030 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://www.openwall.com/lists/oss-security/2018/10/22/1 | |
https://www.cabextract.org.uk/#changes | |
https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2 | |
https://bugs.debian.org/911640 | |
[debian-lts-announce] 20181026 [SECURITY] [DLA 1555-1] libmspack security update | |
USN-3814-2 | |
USN-3814-1 | |
USN-3814-3 | |
GLSA-201903-20 | |
RHSA-2019:2049 | |
https://www.starwindsoftware.com/security/sw-20181213-0001/ | |