Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2018-11503

Опубликовано: 26 мая 2018
Источник: debian

Описание

The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
discountfixed2.2.4-1package

Примечания

  • https://github.com/Orc/discount/issues/189#issuecomment-392247798

  • POC: https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue2_testcase

  • Fixed by https://github.com/Orc/discount/commit/b002a5a4db31e42dfb45451c059bc56941c17974

Связанные уязвимости

ubuntu логотип

CVE-2018-11503

CVSS3: 5.5
ubuntu
больше 7 лет назад

The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.

redhat логотип

CVE-2018-11503

CVSS3: 4.4
redhat
больше 7 лет назад

The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.

nvd логотип

CVE-2018-11503

CVSS3: 5.5
nvd
больше 7 лет назад

The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.

github логотип

GHSA-3g9x-rvrx-gr8q

CVSS3: 5.5
github
больше 3 лет назад

The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.