PT-2018-12913 · Libesedb · Libesedb
Published
2018-09-01
·
Updated
2024-08-05
·
CVE-2018-15158
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
libesedb versions prior to 2018-04-01
Description
The issue allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. This is due to a problem in the
libesedb page read values function in libesedb page.c. The vendor has disputed this issue as described in the GitHub issue comments.Recommendations
For versions prior to 2018-04-01, consider restricting access to crafted esedb files until a patch is available. As a temporary workaround, avoid using the
libesedb page read values function in libesedb page.c to minimize the risk of exploitation.Exploit
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Libesedb