CVE-2018-12684 — Out-of-bounds Read in Project Civetweb

CWE-125 — Out-of-bounds Read CWE-200 — Sensitive Information Exposure CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources

Severity

7.1HIGHNVD

EPSS

0.2%

top 59.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Civetweb Project Civetweb

Timeline

PublishedJun 22

Latest updateMay 14

Description

Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages1 packages

▶NVDcivetweb_project/civetweb1.10

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-v8q9-6423-3jq2: Out-of-bounds Read in the send_ssi_file function in civetweb↗2022-05-14

▶

CVEList

CVE-2018-12684: Out-of-bounds Read in the send_ssi_file function in civetweb↗2018-06-22

▶

📋Vendor Advisories

Red Hat

civetweb: Out-of-bounds read in civetweb.c:send_ssi_file() allows attackers to cause denial of service or information disclosure↗2018-06-16

▶

Debian

CVE-2018-12684: civetweb - Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb throu...↗2018

▶

💬Community

Bugzilla

CVE-2018-12684 civetweb: Out-of-bounds read in civetweb.c:send_ssi_file() allows attackers to cause denial of service or information disclosure↗2018-06-27

▶