CVE-2019-8905

Опубликовано: 18 фев. 2019

Источник: nvd

CVSS3: 4.4

CVSS2: 3.6

EPSS Низкий

Описание

do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/107137
Third Party Advisory
VDB Entry
https://bugs.astron.com/view.php?id=63
Exploit
Issue Tracking
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/02/msg00044.html
Mailing List
Third Party Advisory
https://usn.ubuntu.com/3911-1/
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/107137
Third Party Advisory
VDB Entry
https://bugs.astron.com/view.php?id=63
Exploit
Issue Tracking
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/02/msg00044.html
Mailing List
Third Party Advisory
https://usn.ubuntu.com/3911-1/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:a:file_project:file:5.35:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

Конфигурация 4

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

Конфигурация 5

cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00096

Низкий

4.4 Medium

CVSS3

3.6 Low

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2019-8905

CVSS3: 4.4

ubuntu

почти 7 лет назад

do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.

CVE-2019-8905

CVSS3: 4.4

redhat

почти 7 лет назад

do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.

CVE-2019-8905

CVSS3: 4.4

debian

почти 7 лет назад

do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based ...

GHSA-ffw4-28vr-p4x2

CVSS3: 4.4

github

больше 3 лет назад

do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.

BDU:2020-04827

CVSS3: 8.8

fstec

почти 7 лет назад

Уязвимость функции do_bid_note утилиты для определения типа заданных файлов File, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 27%

0.00096

Низкий

4.4 Medium

CVSS3

3.6 Low

CVSS2

Дефекты

CWE-125