CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-14734 – kernel: use-after-free in ucma_leave_multicast in drivers/infiniband/core/ucma.c
https://notcve.org/view.php?id=CVE-2018-14734
drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). drivers/infiniband/core/ucma.c en el kernel de Linux hasta la versión 4.17.11 permite que ucma_leave_multicast acceda a cierta estructura de datos tras un paso de limpieza en ucma_process_join, lo que permite que los atacantes provoquen una denegación de servicio (uso de memoria previamente liberada). A flaw was found in the Linux Kernel in the ucma_leave_multicast() function in drivers/infiniband/core/ucma.c which allows access to a certain data structure after freeing it in ucma_process_join(). This allows an attacker to cause a use-after-free bug and to induce kernel memory corruption, leading to a system crash or other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb2595c1393b4a5211534e6f0a0fbad369e21ad8 https://access.redhat.com/errata/RHSA-2019:0831 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://github.com/torvalds/linux/commit/cb2595c1393b4a5211534e6f0a0fbad369e21ad8 https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html https://usn.ubuntu.com/3797-1 https://usn.ubuntu.com/3797-2 https://usn.ubuntu.com/38 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2018-14682 – libmspack: off-by-one error in the TOLOWER() macro for CHM decompression
https://notcve.org/view.php?id=CVE-2018-14682
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression. Se ha descubierto un problema en mspack/chmd.c en libmspack en versiones anteriores a la 0.7alpha. Hay un error por un paso en la macro TOLOWER() para la descompresión CHM. • http://www.openwall.com/lists/oss-security/2018/07/26/1 http://www.securitytracker.com/id/1041410 https://access.redhat.com/errata/RHSA-2018:3327 https://access.redhat.com/errata/RHSA-2018:3505 https://bugs.debian.org/904800 https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8 https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html https://security.gentoo.org/glsa/201903-20 https://usn.ubuntu.com/3728-1 https://usn.ubuntu.com/3728-2 • CWE-193: Off-by-one Error •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2018-14680 – libmspack: off-by-one error in the CHM chunk number validity checks
https://notcve.org/view.php?id=CVE-2018-14680
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames. Se ha descubierto un problema en mspack/chmd.c en libmspack en versiones anteriores a la 0.7alpha. No rechaza los nombres de archivos CHM en blanco. • http://www.openwall.com/lists/oss-security/2018/07/26/1 http://www.securitytracker.com/id/1041410 https://access.redhat.com/errata/RHSA-2018:3327 https://access.redhat.com/errata/RHSA-2018:3505 https://bugs.debian.org/904801 https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html https://security.gentoo.org/glsa/201903-20 https://usn.ubuntu.com/3728-1 https://usn.ubuntu.com/3728-2 • CWE-20: Improper Input Validation CWE-193: Off-by-one Error •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0CVE-2018-14679 – libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks
https://notcve.org/view.php?id=CVE-2018-14679
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash). Se ha descubierto un problema en mspack/chmd.c en libmspack en versiones anteriores a la 0.7alpha. Hay un error por un paso en las comprobaciones de validez de los números de chunk de CHM PMGI/PMGL que podría conducir a una denegación de servicio (referencia de datos no inicializados y cierre inesperado de la aplicación). • http://www.openwall.com/lists/oss-security/2018/07/26/1 http://www.securitytracker.com/id/1041410 https://access.redhat.com/errata/RHSA-2018:3327 https://access.redhat.com/errata/RHSA-2018:3505 https://bugs.debian.org/904802 https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html https://security.gentoo.org/glsa/201903-20 https://usn.ubuntu.com/3728-1 https://usn.ubuntu.com/3728-2 • CWE-193: Off-by-one Error •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2018-14681 – libmspack: out-of-bounds write in kwajd_read_headers in mspack/kwajd.c
https://notcve.org/view.php?id=CVE-2018-14681
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite. Se ha descubierto un problema en kwajd_read_headers en mspack/kwajd.c en libmspack en versiones anteriores a la 0.7alpha. Las extensiones de encabezado de archivo KWAJ incorrectas pueden provocar una sobrescritura de uno o dos bytes. • http://www.openwall.com/lists/oss-security/2018/07/26/1 http://www.securitytracker.com/id/1041410 https://access.redhat.com/errata/RHSA-2018:3327 https://access.redhat.com/errata/RHSA-2018:3505 https://bugs.debian.org/904799 https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8 https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html https://security.gentoo.org/glsa/201903-20 https://usn.ubuntu.com/3728-1 https://usn.ubuntu.com/3728-2 • CWE-787: Out-of-bounds Write •