Vulnerability CVE-2018-18584: Information

Description

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-18584

Published: Oct. 23, 2018

Modified: Oct. 25, 2022

Error type identifier: CWE-787

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
cabextract	sisyphus	1.11-alt1	1.11-alt1	ALT-PU-2023-1663-1	319134	Fixed
cabextract	sisyphus_e2k	1.11-alt1	1.11-alt1	ALT-PU-2023-3277-1	-	Fixed
cabextract	sisyphus_riscv64	1.11-alt1	1.11-alt1	ALT-PU-2023-3327-1	-	Fixed
cabextract	p10	1.11-alt1	1.7-alt1	ALT-PU-2024-8946-2	350768	Testing
cabextract	p11	1.11-alt1	1.11-alt1	ALT-PU-2023-1663-1	319134	Fixed
libmspack	sisyphus	0.6-alt2	1.11-alt1	ALT-PU-2021-1110-1	265030	Fixed
libmspack	p10	0.6-alt2	0.6-alt2	ALT-PU-2021-1110-1	265030	Fixed
libmspack	p9	0.6-alt2	0.6-alt2	ALT-PU-2021-1165-1	265031	Fixed
libmspack	c10f1	0.6-alt2	0.6-alt2	ALT-PU-2021-1110-1	265030	Fixed
libmspack	c9f2	0.6-alt2	0.6-alt2	ALT-PU-2023-1005-1	312692	Fixed
libmspack	p11	0.6-alt2	1.11-alt1	ALT-PU-2021-1110-1	265030	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://www.openwall.com/lists/oss-security/2018/10/22/1	Mailing List Third Party Advisory
https://www.cabextract.org.uk/#changes	Product Vendor Advisory
https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2	Patch Third Party Advisory
https://bugs.debian.org/911640	Mailing List Third Party Advisory
[debian-lts-announce] 20181026 [SECURITY] [DLA 1555-1] libmspack security update	Mailing List Third Party Advisory
USN-3814-2	Third Party Advisory
USN-3814-1	Third Party Advisory
USN-3814-3	Third Party Advisory
GLSA-201903-20	Third Party Advisory
RHSA-2019:2049	Third Party Advisory
https://www.starwindsoftware.com/security/sw-20181213-0001/	Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:libmspack_project:libmspack:0.5:alpha:*:*:*:*:*:*
  cpe:2.3:a:cabextract_project:cabextract:*:*:*:*:*:*:*:*
  End excliding
  1.8
  cpe:2.3:a:libmspack_project:libmspack:0.4:alpha:*:*:*:*:*:*
  cpe:2.3:a:libmspack_project:libmspack:0.3:alpha:*:*:*:*:*:*
  cpe:2.3:a:libmspack_project:libmspack:0.6:alpha:*:*:*:*:*:*
  cpe:2.3:a:libmspack_project:libmspack:0.7:alpha:*:*:*:*:*:*
  cpe:2.3:a:libmspack_project:libmspack:0.7.1:alpha:*:*:*:*:*:*
  
  Configuration 2
  cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  
  Configuration 3
  cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  
  Configuration 4
  cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
  
  Configuration 5
  cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*
  cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:ltss:*:*:*
  cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:ltss:*:*:*
  cpe:2.3:o:suse:linux_enterprise_server:12:ga:*:*:ltss:*:*:*
  
  Configuration 6
  cpe:2.3:a:starwindsoftware:starwind_virtual_san:-:*:*:*:*:vsphere:*:*

Version: v24.5.3

Vulnerability CVE-2018-18584: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5

Configuration 6