Skip to main content

Libmspack CVE-2018-18585

MEDIUM
NULL Pointer Dereference (CWE-476)
2018-10-23 cve@mitre.org
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
CVE Published
Oct 23, 2018 - 02:29 nvd
MEDIUM 4.3

DescriptionNVD

chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).

AnalysisAI

chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). Affected products include: Kyzer Libmspack, Debian Debian Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation. Version information: before 0.8.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.

CVE-2015-4472 MEDIUM POC
6.8 Jun 11

Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack before 0.5 allows remote attackers to cause a denial of

CVE-2019-1010305 MEDIUM POC
5.5 Jul 15

libmspack 0.9.1alpha is affected by: Buffer Overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authent

CVE-2018-18586 MEDIUM POC
5.3 Oct 23

chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against a

CVE-2014-9556 MEDIUM POC
5.0 Feb 03

Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (

CVE-2018-14682 HIGH
8.8 Jul 28

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. Rated high severity (CVSS 8.8), this vulnerabilit

CVE-2018-14681 HIGH
8.8 Jul 28

An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Rated high severity (CVSS

CVE-2015-4471 MEDIUM POC
4.3 Jun 11

Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a de

CVE-2015-4470 MEDIUM POC
4.3 Jun 11

Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial o

CVE-2014-9732 MEDIUM POC
4.3 Jun 11

The cabd_extract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certai

CVE-2015-4469 MEDIUM POC
4.3 Jun 11

The chmd_read_headers function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote att

CVE-2015-4468 MEDIUM POC
4.3 Jun 11

Multiple integer overflows in the search_chunk function in chmd.c in libmspack before 0.5 allow remote attackers to caus

CVE-2015-4467 MEDIUM POC
4.3 Jun 11

The chmd_init_decomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which all

Share

CVE-2018-18585 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy