exploitDog

CVE-2018-8822

Опубликовано: 20 мар. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code.

Ссылки

http://www.openwall.com/lists/oss-security/2022/12/27/3
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/103476
Broken Link
Third Party Advisory
VDB Entry
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
Mailing List
Third Party Advisory
https://usn.ubuntu.com/3653-1/
Third Party Advisory
https://usn.ubuntu.com/3653-2/
Third Party Advisory
https://usn.ubuntu.com/3654-1/
Third Party Advisory
https://usn.ubuntu.com/3654-2/
Third Party Advisory
https://usn.ubuntu.com/3655-1/
Third Party Advisory
https://usn.ubuntu.com/3655-2/
Third Party Advisory
https://usn.ubuntu.com/3656-1/
Third Party Advisory
https://usn.ubuntu.com/3657-1/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4187
Third Party Advisory
https://www.debian.org/security/2018/dsa-4188
Third Party Advisory
https://www.mail-archive.com/netdev%40vger.kernel.org/msg223373.html
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/12/27/3
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/103476
Broken Link
Third Party Advisory
VDB Entry
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
Mailing List
Third Party Advisory
https://usn.ubuntu.com/3653-1/
Third Party Advisory
https://usn.ubuntu.com/3653-2/
Third Party Advisory
https://usn.ubuntu.com/3654-1/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 2.6.12 (включая) до 3.2.102 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 3.3 (включая) до 3.16.57 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 3.17 (включая) до 3.18.103 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 3.19 (включая) до 4.1.52 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.2 (включая) до 4.4.125 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.5 (включая) до 4.9.91 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.10 (включая) до 4.14.31 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.15 (включая) до 4.15.14 (исключая)

cpe:2.3:o:linux:linux_kernel:4.16:rc:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:4.16:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:4.16:rc2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:4.16:rc3:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:4.16:rc4:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:4.16:rc5:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:4.16:rc6:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 17%

0.00053

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-119

Связанные уязвимости

CVE-2018-8822

CVSS3: 7.8

ubuntu

почти 8 лет назад

Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code.

CVE-2018-8822

CVSS3: 6.4

redhat

почти 8 лет назад

Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code.

CVE-2018-8822

CVSS3: 7.8

debian

почти 8 лет назад

Incorrect buffer length handling in the ncp_read_kernel function in fs ...

GHSA-h62p-crx4-36fq

CVSS3: 7.8

github

больше 3 лет назад

Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code.

SUSE-SU-2018:1048-1

suse-cvrf

почти 8 лет назад

Security update for the Linux Kernel

EPSS

Процентиль: 17%

0.00053

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-119