PT-2018-1825 · File+4 · File+4

Published

2018-06-11

Updated

2024-06-15

CVE-2018-10360

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: file version 5.33

Description: The issue is related to the do core note function in the file command, which is affected by a buffer overflow error. This error allows for out-of-bounds reading, potentially leading to a denial of service. The exploitation of this issue can be triggered by a remote attacker using a specially crafted ELF file, causing the application to crash.

Recommendations: For file version 5.33, consider restricting the use of the do core note function until a patch is available. As a temporary workaround, avoid using the file command with untrusted ELF files to minimize the risk of exploitation.

Fix

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

BDU:2018-01425

CESA-2020_1022

CVE-2018-10360

MGASA-2018-0295

OPENSUSE-SU-2018_2694-1

OPENSUSE-SU-2019:0345-1

OPENSUSE-SU-2019_0345-1

OPENSUSE-SU-2019_1197-1

OPENSUSE-SU-2024:10755-1

RHSA-2020:1022

RHSA-2020:2521

RHSA-2020:2768

RHSA-2020:2838

RHSA-2020_1022

SUSE-SU-2018:2044-1

SUSE-SU-2018:2682-1

SUSE-SU-2018_2044-1

SUSE-SU-2019:0571-1

SUSE-SU-2019:0839-1

SUSE-SU-2019_0571-1

SUSE-SU-2019_0839-1

USN-3686-1

USN-3686-2

Affected Products

Centos

Red Hat

Suse

Ubuntu

File

PT-2018-1825 · File+4 · File+4

CVE-2018-10360

Weakness Enumeration

Related Identifiers

Affected Products

References · 61