CVE-2018-13043

CWE-94Code Injection9 documents7 sources
Severity
9.8CRITICAL
EPSS
1.2%
top 21.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian DevscriptsCanonical Ubuntu Linux
Timeline
PublishedJul 1
Latest updateMay 14

Description

scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDdebian/devscripts2.18.3
Debiandevscripts< 2.18.4+3

Also affects: Ubuntu Linux 17.10, 18.04

Patches

Patch: bugs.debian.orgPatch: bugs.debian.org

🔴Vulnerability Details

3
GHSA
GHSA-6229-3fh2-qhp3: scripts/grep-excuses2022-05-14
CVEList
CVE-2018-13043: scripts/grep-excuses2018-07-01
OSV
CVE-2018-13043: scripts/grep-excuses2018-07-01

📋Vendor Advisories

2
Ubuntu
devscripts vulnerability2018-07-05
Debian
CVE-2018-13043: devscripts - scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code executio...2018

💬Community

3
Bugzilla
CVE-2018-13043 devscripts: grep-excuses uses YAML:Syck unsafely [fedora-all]2018-07-03
Bugzilla
CVE-2018-13043 devscripts: grep-excuses uses YAML:Syck unsafely [epel-7]2018-07-03
Bugzilla
CVE-2018-13043 devscripts: grep-excuses uses YAML:Syck unsafely2018-07-03
CVE-2018-13043 (CRITICAL CVSS 9.8) | scripts/grep-excuses.pl in Debian d | cvebase.io