PT-2018-3809 · Gnu+4 · Gnu Libcdio+4

Zhao Liang

·

Publicado

2018-01-18

·

Atualizado

2022-08-10

·

CVE-2017-18198

CVSS v2.0

10

Alta

VetorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions GNU libcdio versions prior to 1.0.0
Description The issue is related to a heap-based buffer over-read in the print iso9660 recurse function in iso-info.c. This could allow remote attackers to cause a denial of service or possibly have other unspecified impacts via a crafted iso file. The vulnerability is associated with reading data beyond the buffer boundaries in memory, which can be exploited by a remote attacker to disrupt service or have other effects.
Recommendations For GNU libcdio versions prior to 1.0.0, update to version 1.0.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of crafted iso files to minimize the risk of exploitation.

Correção

DoS

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

ALT-PU-2018-1054
BDU:2022-04942
CESA-2018_3246
CVE-2017-18198
MGASA-2018-0209
MGASA-2018-0225
OPENSUSE-SU-2024:10675-1
RHSA-2018:3246
RHSA-2018_3246
USN-5558-1

Produtos afetados

Alt Linux
Centos
Gnu Libcdio
Red Hat
Ubuntu