CVE-2018-12422

Опубликовано: 16 мая 2018

Источник: redhat

CVSS3: 5.6

Описание

addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code had computed the required string length first, and then allocated a large-enough buffer on the heap.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	evolution-data-server	Will not fix
Red Hat Enterprise Linux 6	evolution-data-server	Will not fix
Red Hat Enterprise Linux 7	evolution-data-server	Will not fix
Red Hat Enterprise Linux 8	evolution-data-server	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-121

https://bugzilla.redhat.com/show_bug.cgi?id=1592624evolution-data-server: Unsafe use of strcat allows buffer overflow in addressbook/backends/ldap/e-book-backend-ldap.c

5.6 Medium

CVSS3

Связанные уязвимости

CVE-2018-12422

CVSS3: 9.8

ubuntu

больше 7 лет назад

CVE-2018-12422

CVSS3: 9.8

nvd

больше 7 лет назад

CVE-2018-12422

CVSS3: 9.8

debian

больше 7 лет назад

addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Serv ...

GHSA-rqw6-r9qq-6v6g

CVSS3: 9.8

github

больше 3 лет назад

** DISPUTED ** addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code had computed the required string length first, and then allocated a large-enough buffer on the heap."

5.6 Medium

CVSS3