CVE-2018-16745

Опубликовано: 13 сент. 2018

Источник: debian

Описание

An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
mgetty	fixed	1.2.1-1		package
mgetty	no-dsa		stretch	package
mgetty	no-dsa		jessie	package

Примечания

https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
Upstream commit: 750939dfcaea9aa93dcea99526c49da7cafafe7f (1.2.1)

Связанные уязвимости

CVE-2018-16745

CVSS3: 7.8

ubuntu

больше 7 лет назад

An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it.

CVE-2018-16745

CVSS3: 3.9

redhat

больше 7 лет назад

An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it.

CVE-2018-16745

CVSS3: 7.8

nvd

больше 7 лет назад

An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it.

GHSA-p49w-34p5-fh3m

CVSS3: 7.8

github

больше 3 лет назад

An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it.

BDU:2018-01132

CVSS3: 2.9

fstec

больше 7 лет назад

Уязвимость функции fax_notify_mail пакета mgetty операционных систем Red Hat Enterprise Linux, позволяющая нарушителю вызвать отказ в обслуживании