CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19217
https://notcve.org/view.php?id=CVE-2018-19217
In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party ** EN DISPUTA ** En ncurses 6.1, hay una desreferencia de puntero NULL en la función _nc_name_match que conducirá a un ataque de denegación de servicio (DoS). NOTA: el informe original indicaba la versión 6.1, pero el problema no se reprodujo para esa versión según mantenedor o un tercero fiable. • https://bugzilla.redhat.com/show_bug.cgi?id=1643753 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 2CVE-2018-18751 – gettext: double free in default_add_message in read-catalog.c
https://notcve.org/view.php?id=CVE-2018-18751
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt. Se ha descubierto un problema en GNU gettext 0.19.8. Hay una doble liberación (double free) en default_add_message en read-catalog.c, relacionado con una liberación no válida en po_gram_parse en po-gram-gen.y, tal y como queda demostrado con lt-msgfmt. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00061.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00065.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00025.html https://access.redhat.com/errata/RHSA-2019:3643 https://github.com/CCCCCrash/POCs/tree/master/Bin/Tools-gettext-0.19.8.1/doublefree https://github.com/CCCCCrash/POCs/tree/master/Bin/Tools-gettext-0.19.8.1/heapcorruption https://usn.ubuntu.com/3815-1 https:// • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18701
https://notcve.org/view.php?id=CVE-2018-18701
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm. Se ha descubierto una vulnerabilidad en cp-demangle.c en GNU libiberty, tal y como se distribuye en GNU Binutils 2.31. Hay una vulnerabilidad de consumo de pila que resulta de una recursión infinita en las funciones next_is_type_qual() y cplus_demangle_type() en cp-demangle.c. • https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675 https://usn.ubuntu.com/4326-1 https://usn.ubuntu.com/4336-1 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18700
https://notcve.org/view.php?id=CVE-2018-18700
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm. Se ha descubierto una vulnerabilidad en cp-demangle.c en GNU libiberty, tal y como se distribuye en GNU Binutils 2.31. Hay una vulnerabilidad de consumo de pila que resulta de una recursión infinita en las funciones d_name(), d_encoding() y d_local_name() en cp-demangle.c. • https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87681 https://usn.ubuntu.com/4326-1 https://usn.ubuntu.com/4336-1 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-18605
https://notcve.org/view.php?id=CVE-2018-18605
A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. Se ha descubierto un problema de sobrelectura de búfer basada en memoria dinámica (heap) en la función sec_merge_hash_lookup en merge.c en la biblioteca Binary File Descriptor (BFD) (también conocida como libbfd), tal y como se distribuye en GNU Binutils 2.31. Esto se debe a que _bfd_add_merge_section gestiona de manera incorrecta las fusiones de sección cuando el tamaño no es un múltiplo de entsize. Un ELF especialmente manipulado permite que atacantes remotos provoquen una denegación de servicio (DoS), tal y como queda demostrado con Id. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html http://www.securityfocus.com/bid/105754 https://security.netapp.com/advisory/ntap-20190307-0003 https://sourceware.org/bugzilla/show_bug.cgi?id=23804 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=ab419ddbb2cdd17ca83618990f2cacf904ce1d61 https://usn.ubuntu.com/4336-1 • CWE-125: Out-of-bounds Read •