PT-2018-15304 · Libexcel · Libexcel
Fantasyoung
·
Publicado
2018-12-20
·
Atualizado
2019-01-31
·
CVE-2018-20304
CVSS v3.1
6.5
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
libexcel version 0.01
Description
The issue allows attackers to cause a denial of service (SEGV) via a long second argument in the
wbook addworksheet function in workbook.c.Recommendations
For libexcel version 0.01, consider restricting the length of the second argument passed to the
wbook addworksheet function to prevent the denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Libexcel