CVE-2018-16743

Опубликовано: 13 сент. 2018

Источник: debian

EPSS Низкий

Описание

An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
mgetty	fixed	1.2.1-1		package

Примечания

contrib/next-login/ not built in Debian packaging
https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
Upstream commit: 5feff135626b8dde886213ce0c99cc4349028a7e (1.2.1)

EPSS

Процентиль: 20%

0.00063

Низкий

Связанные уязвимости

CVE-2018-16743

CVSS3: 7.8

ubuntu

больше 7 лет назад

An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow.

CVE-2018-16743

CVSS3: 2.9

redhat

больше 7 лет назад

An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow.

CVE-2018-16743

CVSS3: 7.8

nvd

больше 7 лет назад

An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow.

GHSA-63wf-289m-vgw6

CVSS3: 7.8

github

больше 3 лет назад

An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow.

openSUSE-SU-2018:3108-1

suse-cvrf

больше 7 лет назад

Security update for mgetty

EPSS

Процентиль: 20%

0.00063

Низкий