Severity
7.8 HIGH
EPSS
3.6%
top 12.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 13
Latest update: May 14

Description

Sharutils (unshar command) version 4.15.2 contains a buffer overflow vulnerability in the file unshar.c at line 75, in the function looks_like_c_code. The buffer containing the input line is not checked, which could lead to code execution. The attack appears to be exploitable when the victim runs the unshar command on a specially crafted file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

Debian: sharutils < 1:4.15.2-3+3
NVD: gnu/sharutils 4.15.2

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10

🔴 Vulnerability Details (3)

GHSA
GHSA-vp78-rw8x-8cfq: Sharutils sharutils (unshar command) version 4 (2022-05-14)
OSV
CVE-2018-1000097: Sharutils sharutils (unshar command) version 4 (2018-03-13)
CVEList
CVE-2018-1000097: Sharutils sharutils (unshar command) version 4 (2018-03-13)

📋 Vendor Advisories (4)

Ubuntu
Sharutils vulnerability (2018-03-22)
Microsoft
Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform check (2018-03-13)
Red Hat
sharutils: heap-buffer-overflow in find_archive in unshar.c (2018-02-21)
Debian
CVE-2018-1000097: sharutils - Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow v... (2018)

💬 Community (2)

Bugzilla
CVE-2018-1000097 sharutils: heap-buffer-overflow in find_archive in unshar.c (2018-02-22)
Bugzilla
CVE-2018-1000097 sharutils: heap-buffer-overflow in find_archive in unshar.c [fedora-all] (2018-02-22)