Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-18385

Опубликовано: 26 сент. 2018
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial of service (infinite loop). The loop was caused by the fact that Parser.next_block was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detects any list was not agreeing with the regular expression that detects a specific list type. So the line kept getting pushed back onto the reader, hence causing the loop.

Отчет

The version of rubygem-asciidoctor included in Red Hat Virtualization is affected by this flaw, however it is not exposed to user input in such a way that the vulnerability could be exploited by an attacker.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Virtualization 4rubygem-asciidoctorWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-835
https://bugzilla.redhat.com/show_bug.cgi?id=1640723rubygem-asciidoctor: Infinite loop in the #next_block method

EPSS

Процентиль: 70%
0.00625
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-18385

CVSS3: 7.5
ubuntu
больше 7 лет назад

Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial of service (infinite loop). The loop was caused by the fact that Parser.next_block was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detects any list was not agreeing with the regular expression that detects a specific list type. So the line kept getting pushed back onto the reader, hence causing the loop.

nvd логотип

CVE-2018-18385

CVSS3: 7.5
nvd
больше 7 лет назад

Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial of service (infinite loop). The loop was caused by the fact that Parser.next_block was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detects any list was not agreeing with the regular expression that detects a specific list type. So the line kept getting pushed back onto the reader, hence causing the loop.

debian логотип

CVE-2018-18385

CVSS3: 7.5
debian
больше 7 лет назад

Asciidoctor in versions < 1.5.8 allows remote attackers to cause a den ...

github логотип

GHSA-qc9p-mjxm-j2wj

CVSS3: 7.5
github
больше 3 лет назад

Asciidoctor Infinite Loop vulnerability

fstec логотип

BDU:2024-02119

CVSS3: 7.5
fstec
больше 7 лет назад

Уязвимость текстового процессора AsciiDoc Asciidoctor, связанная с выполнением цикла с недоступным условием выхода, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 70%
0.00625
Низкий

7.5 High

CVSS3