CVE-2018-17336
udisks: Format string vulnerability in udisks_log in udiskslogging.c
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1
Exploited in Wild
-
Decision
Descriptions
UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings.
An uncontrolled format string vulnerability has been discovered in udisks when it mounts a filesystem with a malformed label. A local attacker may use this flaw to leak memory, make the udisks service crash, or cause other unspecified effects.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2018-09-22 CVE Reserved
- 2018-09-22 CVE Published
- 2023-09-16 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-134: Use of Externally-Controlled Format String
CAPEC
References (5)
URL | Date | SRC |
---|---|---|
https://github.com/storaged-project/udisks/issues/578 | 2024-08-05 | |
https://access.redhat.com/errata/RHSA-2019:2178 | 2019-08-06 | |
https://usn.ubuntu.com/3772-1 | 2019-08-06 | |
https://access.redhat.com/security/cve/CVE-2018-17336 | 2019-08-06 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1632828 | 2019-08-06 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Freedesktop | Udisks | 2.8.0 | - | Affected |
Canonical | Ubuntu Linux | 18.04 | lts | Affected |