Vulnerability CVE-2018-14681: Information

Description

An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Published: July 29, 2018
Modified: April 26, 2021
Error type identifier: CWE-787

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| cabextract | sisyphus | 1.6-alt1 | 1.11-alt1 | ALT-PU-2016-1082-1 | 158192 | Fixed |
| cabextract | p10 | 1.6-alt1 | 1.7-alt1 | ALT-PU-2016-1082-1 | 158192 | Fixed |
| cabextract | p9 | 1.6-alt1 | 1.7-alt1 | ALT-PU-2016-1082-1 | 158192 | Fixed |
| cabextract | c10f1 | 1.6-alt1 | 1.7-alt1 | ALT-PU-2016-1082-1 | 158192 | Fixed |
| cabextract | c9f2 | 1.6-alt1 | 1.7-alt1 | ALT-PU-2016-1082-1 | 158192 | Fixed |
| clamav | sisyphus | 0.100.2-alt1 | 0.103.8-alt1 | ALT-PU-2018-2498-1 | 215109 | Fixed |
| clamav | p10 | 0.100.2-alt1 | 0.103.8-alt1 | ALT-PU-2018-2498-1 | 215109 | Fixed |
| clamav | p9 | 0.100.2-alt1 | 0.103.8-alt1 | ALT-PU-2018-2498-1 | 215109 | Fixed |
| clamav | p8 | 0.100.2-alt0.M80P.1 | 0.103.8-alt1 | ALT-PU-2018-2506-1 | 215132 | Fixed |
| clamav | c10f1 | 0.100.2-alt1 | 0.103.8-alt1 | ALT-PU-2018-2498-1 | 215109 | Fixed |
| clamav | c9f2 | 0.100.2-alt1 | 0.103.8-alt1 | ALT-PU-2018-2498-1 | 215109 | Fixed |

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8
  • Patch
  • Third Party Advisory
https://bugs.debian.org/904799
  • Issue Tracking
  • Mailing List
  • Patch
  • Third Party Advisory
http://www.openwall.com/lists/oss-security/2018/07/26/1
  • Mailing List
  • Third Party Advisory
USN-3728-1
  • Third Party Advisory
DSA-4260
  • Third Party Advisory
USN-3728-3
  • Third Party Advisory
1041410
  • Third Party Advisory
  • VDB Entry
[debian-lts-announce] 20180806 [SECURITY] [DLA-1460-1] libmspack security update
  • Mailing List
  • Third Party Advisory
USN-3728-2
  • Third Party Advisory
USN-3789-2
  • Third Party Advisory
RHSA-2018:3327
  • Third Party Advisory
RHSA-2018:3505
  • Third Party Advisory
GLSA-201903-20
  • Third Party Advisory
      Configuration 1

      cpe:2.3:a:cabextract:libmspack:0.6:alpha:*:*:*:*:*:*

      cpe:2.3:a:cabextract:libmspack:0.5:alpha:*:*:*:*:*:*

      cpe:2.3:a:cabextract:libmspack:0.4:alpha:*:*:*:*:*:*

      cpe:2.3:a:cabextract:libmspack:0.3:alpha:*:*:*:*:*:*

      cpe:2.3:a:cabextract:libmspack:0.0.20060920:alpha:*:*:*:*:*:*

      cpe:2.3:a:cabextract_project:cabextract:*:*:*:*:*:*:*:* (End including: 1.5)

      Configuration 2

      cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

      cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

      cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

      cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

      cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

      cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

      Configuration 3

      cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:ansible_tower:3.3:*:*:*:*:*:*:*