Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mageiaGentoo FoundationMGASA-2018-0455
HistoryNov 18, 2018 - 1:23 a.m.

Updated libmspack/cabextract packages fix security vulnerabilities

2018-11-1801:23:26
Gentoo Foundation
advisories.mageia.org
24

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.275

Percentile

96.9%

JSON

Hanno Böck discovered that libmspack incorrectly handled certain CHM files. An attacker could possibly use this issue to cause a denial of service (CVE-2018-14679, CVE-2018-14680). Jakub Wilk discovered that libmspack incorrectly handled certain KWAJ files. An attacker could possibly use this issue to execute arbitrary code (CVE-2018-14681). Dmitry Glavatskikh discovered that libmspack incorrectly certain CHM files. An attacker could possibly use this issue to execute arbitrary code (CVE-2018-14682). If a CAB file has a Quantum-compressed datablock with exactly 38912 compressed bytes, cabextract would write exactly one byte beyond its input buffer (CVE-2018-18584). libmspack didn’t reject blank CHM filenames that are blank because they have embedded null bytes, not just because they are zero-length (CVE-2018-18585). chmextract didn’t protect from absolute/relative pathnames in CHM files (CVE-2018-18586).

OSVersionArchitecturePackageVersionFilename
Mageia6noarchlibmspack< 0.9.1-0.alpha.1libmspack-0.9.1-0.alpha.1.mga6
Mageia6noarchcabextract< 1.9-1cabextract-1.9-1.mga6

Related

gentoo 1
openvas 49
nessus 66
fedora 9
ibm 2
osv 5
ubuntu 7
debian 4
redhat 2
oraclelinux 2
centos 2
amazon 3
suse 6
freebsd 1
altlinux 3
photon 4
redhatcve 5
alpinelinux 4
debiancve 3
cve 4
prion 4
ubuntucve 3
cvelist 3
nvd 4
veracode 2
checkpoint_advisories 1
gentoo
gentoo
cabextract, libmspack: Multiple vulnerabilities
2019-03-28 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2018-0455)
2022-01-28 00:00:00
Fedora Update for libmspack FEDORA-2018-c73d257297
2018-11-20 00:00:00
Fedora Update for libmspack FEDORA-2018-cb337fb199
2018-11-13 00:00:00
nessus
nessus
GLSA-201903-20 : cabextract, libmspack: Multiple vulnerabilities
2019-03-28 00:00:00
NewStart CGSL CORE 5.04 / MAIN 5.04 : libmspack Multiple Vulnerabilities (NS-SA-2019-0217)
2019-12-02 00:00:00
Fedora 29 : cabextract / libmspack (2018-a5953af115)
2019-01-03 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: libmspack-0.9.1-0.1.alpha.fc28
2018-11-13 02:28:31
[SECURITY] Fedora 27 Update: libmspack-0.9.1-0.1.alpha.fc27
2018-11-17 02:08:32
[SECURITY] Fedora 28 Update: cabextract-1.9-1.fc28
2018-11-13 02:28:31
ibm
ibm
Security Bulletin: Vulnerabiliies in libmspack affect PowerKVM
2019-03-04 05:55:02
Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801r
2018-10-26 21:10:01
osv
osv
libmspack - security update
2018-08-06 00:00:00
libmspack - security update
2018-08-02 00:00:00
libmspack - security update
2018-10-26 00:00:00
ubuntu
ubuntu
ClamAV vulnerabilities
2018-08-01 00:00:00
libmspack vulnerabilities
2018-08-01 00:00:00
ClamAV vulnerabilities
2018-08-02 00:00:00
debian
debian
[SECURITY] [DSA 4260-1] libmspack security update
2018-08-02 21:09:34
[SECURITY] [DLA-1460-1] libmspack security update
2018-08-06 09:20:01
[SECURITY] [DSA 4260-1] libmspack security update
2018-08-02 21:09:34
redhat
redhat
(RHSA-2018:3327) Low: libmspack security update
2018-10-30 04:43:45
(RHSA-2019:2049) Moderate: libmspack security update
2019-08-06 07:55:28
oraclelinux
oraclelinux
libmspack security update
2018-11-05 00:00:00
libmspack security update
2019-08-13 00:00:00
centos
centos
libmspack security update
2018-11-15 18:48:49
libmspack security update
2019-08-30 03:17:15
amazon
amazon
Low: libmspack
2019-01-23 23:27:00
Low: clamav
2019-01-09 22:56:00
Medium: libmspack
2019-10-08 21:55:00
suse
suse
Security update for libmspack (moderate)
2021-08-20 00:00:00
Security update for libmspack (moderate)
2021-08-26 00:00:00
Security update for clamav (moderate)
2018-10-27 00:15:36
freebsd
freebsd
clamav -- multiple vulnerabilities
2018-10-03 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package clamav version 0.100.2-alt1
2018-10-17 00:00:00
Security fix for the ALT Linux 8 package clamav version 0.100.2-alt1
2018-10-17 00:00:00
Security fix for the ALT Linux 10 package clamav version 0.100.2-alt1
2018-10-17 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0196
2018-11-15 00:00:00
Moderate Photon OS Security Update - PHSA-2018-0196
2018-11-15 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0247
2019-08-02 00:00:00
redhatcve
redhatcve
CVE-2018-18586
2018-10-30 09:58:02
CVE-2018-18584
2019-10-09 10:10:02
CVE-2018-14679
2019-10-10 16:21:49
alpinelinux
alpinelinux
CVE-2018-18586
2018-10-23 02:29:00
CVE-2018-18584
2018-10-23 02:29:00
CVE-2018-14681
2018-07-28 23:29:00
debiancve
debiancve
CVE-2018-18586
2018-10-23 02:29:00
CVE-2018-18585
2018-10-23 02:29:00
CVE-2018-18584
2018-10-23 02:29:00
cve
cve
CVE-2018-18586
2018-10-23 02:29:00
CVE-2018-18584
2018-10-23 02:29:00
CVE-2018-14679
2018-07-28 23:29:00
prion
prion
Directory traversal
2018-10-23 02:29:00
Out-of-bounds
2018-10-23 02:29:00
Code injection
2018-10-23 02:29:00
ubuntucve
ubuntucve
CVE-2018-18586
2018-10-23 00:00:00
CVE-2018-18584
2018-10-22 00:00:00
CVE-2018-18585
2018-10-22 00:00:00
cvelist
cvelist
CVE-2018-18586
2018-10-23 02:00:00
CVE-2018-14679
2018-07-28 23:00:00
CVE-2018-18585
2018-10-23 00:00:00
nvd
nvd
CVE-2018-18586
2018-10-23 02:29:00
CVE-2018-18585
2018-10-23 02:29:00
CVE-2018-18584
2018-10-23 02:29:00
veracode
veracode
Denial Of Service (Dos)
2019-08-08 00:07:15
Improper NULL Byte Parsing
2019-08-08 00:07:16
checkpoint_advisories
checkpoint_advisories
Libmspack Project Buffer Overflow (CVE-2018-18584)
2019-02-19 00:00:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.275

Percentile

96.9%

JSON
Related for MGASA-2018-0455
gentoo1openvas49nessus66fedora9ibm2osv5ubuntu7debian4redhat2oraclelinux2centos2amazon3suse6freebsd1altlinux3photon4redhatcve5alpinelinux4debiancve3cve4prion4ubuntucve3cvelist3nvd4veracode2checkpoint_advisories1