CVE-2018-16743

Опубликовано: 13 сент. 2018

Источник: redhat

CVSS3: 2.9

Описание

An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow.

Отчет

This issue did not affect the versions of mgetty as shipped with Red Hat Enterprise Linux 5, 6 and 7 as they did not include the patched login binary provided by mgetty.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	mgetty	Not affected
Red Hat Enterprise Linux 6	mgetty	Not affected
Red Hat Enterprise Linux 7	mgetty	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-121

https://bugzilla.redhat.com/show_bug.cgi?id=1629973mgetty: Stack-based buffer overflow with long username in contrib/next-login/login.c

2.9 Low

CVSS3

Связанные уязвимости

CVE-2018-16743

CVSS3: 7.8

ubuntu

больше 7 лет назад

An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow.

CVE-2018-16743

CVSS3: 7.8

nvd

больше 7 лет назад

An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow.

CVE-2018-16743

CVSS3: 7.8

debian

больше 7 лет назад

An issue was discovered in mgetty before 1.2.1. In contrib/next-login/ ...

GHSA-63wf-289m-vgw6

CVSS3: 7.8

github

больше 3 лет назад

An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow.

openSUSE-SU-2018:3108-1

suse-cvrf

больше 7 лет назад

Security update for mgetty

2.9 Low

CVSS3