CVE-2026-0708

Published: 15 May 2025
Source: redhat
CVSS3: 8.3

Description

A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can cause a segmentation fault (SEGV fault) in the ucl_object_emit function when parsing and emitting the object, leading to a Denial of Service (DoS) for the affected system.

Report

This vulnerability is rated Important for Red Hat products. A flaw in the libucl library allows a remote attacker to trigger a Denial of Service (DoS) by providing specially crafted Universal Configuration Language (UCL) input containing an embedded null byte. This can lead to a segmentation fault when the malformed input is processed.

Mitigation

To mitigate this issue, applications utilizing libucl should avoid processing untrusted input that contains keys with embedded null bytes, especially when operating in UCL_PARSER_ZEROCOPY mode. Restricting input to trusted sources can reduce exposure.

Additional information

Status: Important
Weakness: CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=2427770
libucl: libucl: Denial of Service via embedded null byte in UCL input

8.3 High

CVSS3

Related vulnerabilities

CVSS3: 8.3
nvd
14 days ago

A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can cause a segmentation fault (SEGV fault) in the `ucl_object_emit` function when parsing and emitting the object, leading to a Denial of Service (DoS) for the affected system.

CVSS3: 8.3
debian
14 days ago

A flaw was found in libucl. A remote attacker could exploit this by pr ...

CVSS3: 8.3
github
14 days ago

A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can cause a segmentation fault (SEGV fault) in the `ucl_object_emit` function when parsing and emitting the object, leading to a Denial of Service (DoS) for the affected system.