Skip to main content

Xkbcommon CVE-2018-15856

MEDIUM
Loop with Unreachable Exit Condition (Infinite Loop) (CWE-835)
2018-08-25 cve@mitre.org
5.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 25, 2018 - 21:29 nvd
MEDIUM 5.5

DescriptionNVD

An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files.

AnalysisAI

An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-835. An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files. Affected products include: Xkbcommon, Canonical Ubuntu Linux. Version information: before 0.8.1.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2018-15857 HIGH
7.8 Aug 25

An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local att

CVE-2018-15864 MEDIUM
5.5 Aug 25

Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local atta

CVE-2018-15863 MEDIUM
5.5 Aug 25

Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by

CVE-2018-15862 MEDIUM
5.5 Aug 25

Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attacke

CVE-2018-15861 MEDIUM
5.5 Aug 25

Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attack

CVE-2018-15859 MEDIUM
5.5 Aug 25

Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 co

CVE-2018-15858 MEDIUM
5.5 Aug 25

Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon

CVE-2018-15855 MEDIUM
5.5 Aug 25

Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereferen

CVE-2018-15854 MEDIUM
5.5 Aug 25

Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereferen

CVE-2018-15853 MEDIUM
5.5 Aug 25

Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local atta

Share

CVE-2018-15856 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy