Lucene search
PRIOn knowledge basePRION:CVE-2017-18266HistoryMay 10, 2018 - 2:29 p.m.
Design/Logic Flaw
2018-05-1014:29:00
PRIOn knowledge base
www.prio-n.com
4
The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ubuntu_linux | eq | 16.04 | |
| ubuntu_linux | eq | 14.04 | |
| ubuntu_linux | eq | 17.10 | |
| ubuntu_linux | eq | 18.04 | |
| debian_linux | eq | 8.0 | |
| debian_linux | eq | 7.0 | |
| debian_linux | eq | 9.0 | |
| xdg-utils | lt | 1.1.3 |
References
bugs.freedesktop.org/show_bug.cgi?id=103807
cgit.freedesktop.org/xdg/xdg-utils/commit/?id=5647afb35e4bcba2060148e1a2a47bc43cc240f2
cgit.freedesktop.org/xdg/xdg-utils/commit/?id=ce802d71c3466d1dbb24f2fe9b6db82a1f899bcb
cgit.freedesktop.org/xdg/xdg-utils/tree/ChangeLog
lists.debian.org/debian-lts-announce/2018/05/msg00014.html
usn.ubuntu.com/3650-1/
www.debian.org/security/2018/dsa-4211
Related
osv
osv
CVE-2017-18266
2018-05-10 14:29:00
xdg-utils - security update
2018-05-25 00:00:00
xdg-utils - security update
2018-05-25 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for xdg-utils (EulerOS-SA-2021-1861)
2021-05-03 00:00:00
Fedora Update for xdg-utils FEDORA-2018-c8f559e8c2
2018-05-26 00:00:00
Fedora Update for xdg-utils FEDORA-2018-b753813bf0
2018-05-18 00:00:00
nessus
nessus
EulerOS 2.0 SP3 : xdg-utils (EulerOS-SA-2021-1861)
2021-04-30 00:00:00
Debian DSA-4211-1 : xdg-utils - security update
2018-05-29 00:00:00
openSUSE Security Update : xdg-utils (openSUSE-2019-420)
2019-03-27 00:00:00
suse
suse
Security update for xdg-utils (important)
2018-06-08 00:12:56
fedora
fedora
[SECURITY] Fedora 26 Update: xdg-utils-1.1.3-1.fc26
2018-05-25 14:57:37
[SECURITY] Fedora 27 Update: xdg-utils-1.1.3-1.fc27
2018-05-17 13:23:58
[SECURITY] Fedora 28 Update: xdg-utils-1.1.3-1.fc28
2018-05-17 12:50:06
debian
debian
[SECURITY] [DLA 1384-1] xdg-utils security update
2018-05-25 10:10:51
[SECURITY] [DSA 4211-1] xdg-utils security update
2018-05-25 21:02:26
[SECURITY] [DSA 4211-1] xdg-utils security update
2018-05-25 21:02:26
cve
cve
CVE-2017-18266
2018-05-10 14:29:00
ubuntu
ubuntu
xdg-utils vulnerability
2018-05-21 00:00:00
redhatcve
redhatcve
CVE-2017-18266
2018-05-16 11:49:03
veracode
veracode
Argument Injection
2020-12-06 04:47:12
cvelist
cvelist
CVE-2017-18266
2018-05-10 14:00:00
debiancve
debiancve
CVE-2017-18266
2018-05-10 14:29:00
nvd
nvd
CVE-2017-18266
2018-05-10 14:29:00
ubuntucve
ubuntucve
CVE-2017-18266
2018-05-10 00:00:00
mageia
mageia
Updated xdg-utils package fixes security vulnerability
2018-06-20 02:42:28
rosalinux
rosalinux
Advisory ROSA-SA-2021-2001
2021-07-02 18:21:18