Описание
libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.
An improper initialization issue was found in libmaxminddb. A remote user could exploit this flaw by sending a specially crafted MaxMind DB file that, when parsed by an application linked to libmaxminddb, would possibly crash the application, resulting in a denial of service condition.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | libmaxminddb | Will not fix | ||
| Red Hat Enterprise Linux 9 | libmaxminddb | Not affected | ||
| Red Hat Enterprise Linux 8 | libmaxminddb | Fixed | RHSA-2024:0768 | 12.02.2024 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | libmaxminddb | Fixed | RHSA-2024:0751 | 08.02.2024 |
| Red Hat Enterprise Linux 8.8 Extended Update Support | libmaxminddb | Fixed | RHSA-2024:0750 | 08.02.2024 |
| RHEL-8 based Middleware Containers | rh-sso-7/sso76-openshift-rhel8 | Fixed | RHSA-2024:1686 | 04.04.2024 |
| RHEL-8 based Middleware Containers | rh-sso-7/sso7-rhel8-operator-bundle | Fixed | RHSA-2024:1686 | 04.04.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.
libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.
libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_en ...
libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.
EPSS
6.5 Medium
CVSS3