PT-2018-3615 · Gnu+6 · Gettext+6

Published

2018-10-28

Updated

2021-12-14

CVE-2018-18751

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Gettext versions 0.19.8

Description The issue is related to a double free in the default add message function in the read-catalog.c file of the GNU gettext project for internationalization. This can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. The problem is also related to an invalid free in the po gram parse function in po-gram-gen.y, as demonstrated by lt-msgfmt.

Recommendations For Gettext version 0.19.8, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

ALSA-2019:3643

BDU:2021-01384

CESA-2019_3643

CESA-2020_1138

CVE-2018-18751

MGASA-2018-0464

OPENSUSE-SU-2020:1270-1

OPENSUSE-SU-2020:1278-1

OPENSUSE-SU-2020:1385-1

OPENSUSE-SU-2020_1270-1

OPENSUSE-SU-2020_1278-1

RHSA-2019:3643

RHSA-2019_3643

RHSA-2020:1138

RHSA-2020:2485

RHSA-2020:2846

RHSA-2020_1138

RLSA-2019:3643

SUSE-SU-2020:2296-1

SUSE-SU-2020_2296-1

SUSE-SU-2021:4060-1

SUSE-SU-2021_4060-1

USN-3815-1

USN-3815-2

Affected Products

Almalinux

Centos

Gettext

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2018-3615 · Gnu+6 · Gettext+6

CVE-2018-18751

Weakness Enumeration

Related Identifiers

Affected Products

References · 46