PT-2018-18406 · Ibm+2 · Aix+2

Published: 2018-04-03 · Updated: 2018-05-21 · CVE-2018-8049

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Unisys Stealth SVG versions 2.8.x through 3.3.x before 3.3.016; Unisys Stealth SVG version 3.0.x before 3.0.1999; Unisys Stealth SVG version 3.2.x before 3.2.030
Description: The issue allows remote attackers to cause a denial of service, resulting in a crash, via crafted packets sent to the Stealth endpoint. This occurs when Unisys Stealth SVG is running on Linux and AIX operating systems.
Recommendations: For Unisys Stealth SVG versions 2.8.x, update to a version after 3.3.016. For Unisys Stealth SVG version 3.0.x, update to version 3.0.1999 or later. For Unisys Stealth SVG version 3.2.x, update to version 3.2.030 or later. As a temporary workaround, consider restricting access to the Stealth endpoint to minimize the risk of exploitation.

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2018-8049

Affected Products

AIX
Linux
Unisys Stealth SVG