CVE-2018-12422

Name of the Vulnerable Software and Affected Versions GNOME Evolution versions through 3.29.2

Description The issue might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function in the e-book-backend-ldap.c file. However, the software maintainer disputes this, stating that the code had computed the required string length first and then allocated a large-enough buffer on the heap.

Recommendations For versions through 3.29.2, consider this issue disputed and no specific fix is provided, however, as a precautionary measure, restrict access to the e-book-backend-ldap.c file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.