CVE-2018-15160

Опубликовано: 01 сент. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

The libesedb_catalog_definition_read function in libesedb_catalog_definition.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments

Ссылки

https://github.com/libyal/libesedb/issues/43
Exploit
Third Party Advisory
https://github.com/libyal/libesedb/issues/43
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:libesedb_project:libesedb:*:*:*:*:*:*:*:*

Версия до 2018-04-01 (включая)

EPSS

Процентиль: 61%

0.00421

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2018-15160

CVSS3: 6.5

ubuntu

больше 7 лет назад

CVE-2018-15160

CVSS3: 6.5

debian

больше 7 лет назад

The libesedb_catalog_definition_read function in libesedb_catalog_defi ...

GHSA-87j3-r63j-gww6

CVSS3: 6.5

github

больше 3 лет назад

** DISPUTED ** The libesedb_catalog_definition_read function in libesedb_catalog_definition.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments.

EPSS

Процентиль: 61%

0.00421

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125