PT-2018-1825 · File+4 · File+4

Publicado

2018-06-11

Atualizado

2024-06-15

CVE-2018-10360

CVSS v2.0

7.1

Alta

Vetor

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: file version 5.33

Description: The issue is related to the do core note function in the file command, which is affected by a buffer overflow error. This error allows for out-of-bounds reading, potentially leading to a denial of service. The exploitation of this issue can be triggered by a remote attacker using a specially crafted ELF file, causing the application to crash.

Recommendations: For file version 5.33, consider restricting the use of the do core note function until a patch is available. As a temporary workaround, avoid using the file command with untrusted ELF files to minimize the risk of exploitation.

Correção

DoS

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

BDU:2018-01425

CESA-2020_1022

CVE-2018-10360

MGASA-2018-0295

OPENSUSE-SU-2018_2694-1

OPENSUSE-SU-2019:0345-1

OPENSUSE-SU-2019_0345-1

OPENSUSE-SU-2019_1197-1

OPENSUSE-SU-2024:10755-1

RHSA-2020:1022

RHSA-2020:2521

RHSA-2020:2768

RHSA-2020:2838

RHSA-2020_1022

SUSE-SU-2018:2044-1

SUSE-SU-2018:2682-1

SUSE-SU-2018_2044-1

SUSE-SU-2019:0571-1

SUSE-SU-2019:0839-1

SUSE-SU-2019_0571-1

SUSE-SU-2019_0839-1

USN-3686-1

USN-3686-2

Produtos afetados

Centos

Red Hat

Suse

Ubuntu

File

PT-2018-1825 · File+4 · File+4

CVE-2018-10360

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 61