Vulnerability CVE-2017-6298: Information

Description

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "1 of 9. Null Pointer Deref / calloc return value not checked."

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-6298
Published: Feb. 24, 2017
Modified: Nov. 7, 2023
Error type identifier: CWE-476

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
libytnefsisyphus1.9.1-alt12.1.2-alt1ALT-PU-2017-1212-1178587Fixed
libytnefp101.9.1-alt12.0-alt1ALT-PU-2017-1212-1178587Fixed
libytnefp91.9.1-alt11.9.3-alt1ALT-PU-2017-1212-1178587Fixed
libytnefp81.9.2-alt0.M80P.11.9.2-alt0.M80P.1ALT-PU-2017-1265-1179354Fixed
libytnefc10f11.9.1-alt12.0-alt1ALT-PU-2017-1212-1178587Fixed
libytnefc9f21.9.1-alt11.9.3-alt1ALT-PU-2017-1212-1178587Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
  • Patch
  • Third Party Advisory
https://github.com/Yeraze/ytnef/pull/27
  • Issue Tracking
  • Patch
  • Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/02/15/4
  • Mailing List
  • Patch
  • Third Party Advisory
96423
  • Third Party Advisory
  • VDB Entry
DSA-3846
  • Third Party Advisory
FEDORA-2019-7d7083b8be

      1. Configuration 1

        cpe:2.3:a:ytnef_project:ytnef:*:*:*:*:*:*:*:*
        End including
        1.9

        Configuration 2

        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
        cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.4.2
    Back to top