PT-2018-15321 · Igraph+1 · Igraph+1

Leonzhao7

Published

2018-12-22

Updated

2023-10-04

CVE-2018-20349

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions igraph versions through 0.7.1

Description The issue is related to a NULL pointer dereference in the igraph i strdiff function within igraph trie.c, which can be exploited by attackers to cause a denial of service, resulting in an application crash. This can be achieved via a crafted object.

Recommendations For versions through 0.7.1, consider updating to a patched version to mitigate this security risk. As a temporary workaround, consider taking necessary precautions to minimize the risk of exploitation.

Exploit

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

CVE-2018-20349

DLA-2055-1

MGASA-2020-0013

RSEC-2023-4

USN-4644-1

Affected Products

Ubuntu

Igraph

PT-2018-15321 · Igraph+1 · Igraph+1

CVE-2018-20349

Weakness Enumeration

Related Identifiers

Affected Products

References · 19