CVE-2018-10360 — Out-of-bounds Read in Project File

CWE-125 — Out-of-bounds Read12 documents8 sources

Severity

6.5MEDIUMNVD

EPSS

0.5%

top 34.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

File Project File Canonical Ubuntu Linux Opensuse Leap

Timeline

PublishedJun 11

Latest updateMay 14

Description

The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶Debianfile_project/file< 1:5.33-3+3

▶NVDfile_project/file5.33

▶NVDopensuse/leap15.0, 42.3+1

Also affects: Ubuntu Linux 12.04, 14.04, 16.04, 17.10, 18.04

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-fgjw-9ghg-j43j: The do_core_note function in readelf↗2022-05-14

▶

OSV

CVE-2018-10360: The do_core_note function in readelf↗2018-06-11

▶

CVEList

CVE-2018-10360: The do_core_note function in readelf↗2018-06-11

▶

📋Vendor Advisories

Red Hat

file: stack-based buffer over-read in do_core_note in readelf.c↗2019-02-18

▶

Ubuntu

file vulnerabilities↗2018-06-28

▶

Ubuntu

file vulnerabilities↗2018-06-14

▶

Red Hat

file: out-of-bounds read via a crafted ELF file↗2018-06-09

▶

Debian

CVE-2018-10360: file - The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote ...↗2018

▶

💬Community

Bugzilla

CVE-2019-8905 file: stack-based buffer over-read in do_core_note in readelf.c↗2019-02-20

▶

Bugzilla

CVE-2018-10360 file: out-of-bounds read via a crafted ELF file↗2018-06-11

▶

Bugzilla

CVE-2018-10360 file: out-of-bounds read via a crafted ELF file [fedora-all]↗2018-06-11

▶