Md4C
CVE-2018-11546
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entity_contents has an off-by-one error.
AnalysisAI
md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entity_contents has an off-by-one error. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entity_contents has an off-by-one error. Affected products include: Md4C Project Md4C.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.
md4c before 0.2.5 has a heap-based buffer overflow because md_split_simple_pairing_mark mishandles splits. Rated critica
md_build_attribute in md4c.c in md4c 0.2.6 allows remote attackers to cause a denial of service (Segmentation fault and
md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial
md_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based buffer over-read because md_is_link_label mishandl
md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because md_is_link_label mishandles the case of a link lab
md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger use of uninitialized memory, and cause a denial of s
md4c 0.2.6 has a NULL pointer dereference in the function md_process_line in md4c.c, related to ctx->current_block. Rate
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today