Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-1000221

Опубликовано: 20 авг. 2018
Источник: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS Низкий

Описание

pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow vulnerability in dequote() that can result in dequote() function returns 1-byte allocation if initial length is 0, leading to buffer overflow. This attack appear to be exploitable via specially crafted .pc file. This vulnerability appears to have been fixed in 1.5.3.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:pkgconf:pkgconf:*:*:*:*:*:*:*:*
Версия от 1.5.0 (включая) до 1.5.2 (включая)

EPSS

Процентиль: 63%
0.0045
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-119

Связанные уязвимости

ubuntu логотип

CVE-2018-1000221

CVSS3: 9.8
ubuntu
больше 7 лет назад

pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow vulnerability in dequote() that can result in dequote() function returns 1-byte allocation if initial length is 0, leading to buffer overflow. This attack appear to be exploitable via specially crafted .pc file. This vulnerability appears to have been fixed in 1.5.3.

redhat логотип

CVE-2018-1000221

CVSS3: 3.3
redhat
больше 7 лет назад

pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow vulnerability in dequote() that can result in dequote() function returns 1-byte allocation if initial length is 0, leading to buffer overflow. This attack appear to be exploitable via specially crafted .pc file. This vulnerability appears to have been fixed in 1.5.3.

debian логотип

CVE-2018-1000221

CVSS3: 9.8
debian
больше 7 лет назад

pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow vulnerabilit ...

github логотип

GHSA-x83w-rcx4-rx6c

CVSS3: 9.8
github
больше 3 лет назад

pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow vulnerability in dequote() that can result in dequote() function returns 1-byte allocation if initial length is 0, leading to buffer overflow. This attack appear to be exploitable via specially crafted .pc file. This vulnerability appears to have been fixed in 1.5.3.

EPSS

Процентиль: 63%
0.0045
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-119