CVE-2018-10360
Advisory lineage Upstream: 0 Downstream: 14
Modified
Published: 11 Jun 2018, 10:00
Last modified:05 Aug 2024, 07:39
Vulnerability Summary
Overall Risk (default)
medium
26/100 CVSS Score
6.5 MEDIUM
v3.0 (nvd)
EPSS Score
0.5% LOW
0% probability -1.10%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
11 Jun 2018, 10:00
Published
Vulnerability first disclosed
05 Aug 2024, 07:39
Last Modified
Vulnerability information updated
Description
The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
CVSS Metrics
- v3.0•MEDIUM•Score: 6.5CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
- v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS Trends
Current EPSS score: 0.50%• Percentile: 66%
Techniques & Countermeasures
- CWE-125•Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
Affected Systems
- canonical•ubuntu_linux
12.04 | 14.04 | 16.04 | 17.10 | 18.04
- file_project•file
5.33
- opensuse•leap
15.0 | 42.3
References (6)
- https://usn.ubuntu.com/3686-1/
- https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22
- https://usn.ubuntu.com/3686-2/
- https://security.gentoo.org/glsa/201806-08
- http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html