CVE-2018-15853Uncontrolled Resource Consumption in Libxkbcommon

CWE-400Uncontrolled Resource ConsumptionCWE-674Uncontrolled Recursion11 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 91.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Xkbcommon LibxkbcommonXkbcommonDebian Libxkbcommon+2 more
Timeline
PublishedAug 25
Latest updateMay 14

Description

Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

debiandebian/libxkbcommon< libxkbcommon 0.8.2-1 (bookworm)
Debianxkbcommon/libxkbcommon< 0.8.2-1+3
Ubuntuxkbcommon/libxkbcommon< 0.4.1-0ubuntu1.1+2
NVDxkbcommon/xkbcommon< 0.8.1

Also affects: Ubuntu Linux 14.04, 16.04, 18.04

Patches

Patch: github.comPatch: lists.freedesktop.orgPatch: github.com

🔴Vulnerability Details

4
GHSA
GHSA-vp7j-5755-6r5q: Endless recursion exists in xkbcomp/expr2022-05-14
OSV
libxkbcommon vulnerabilities2018-11-06
OSV
libxkbcommon vulnerabilities2018-10-08
OSV
CVE-2018-15853: Endless recursion exists in xkbcomp/expr2018-08-25

📋Vendor Advisories

4
Ubuntu
libxkbcommon vulnerabilities2018-11-06
Ubuntu
libxkbcommon vulnerabilities2018-10-08
Red Hat
libxkbcommon: xkbcomp: Endless recursion in xkbcomp/expr.c resulting in a crash2018-03-10
Debian
CVE-2018-15853: libxkbcommon - Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before ...2018

💬Community

2
Bugzilla
CVE-2018-15853 libxkbcommon: Endless recursion in xkbcomp/expr.c resulting in a crash [fedora-all]2018-10-25
Bugzilla
CVE-2018-15853 libxkbcommon: xkbcomp: Endless recursion in xkbcomp/expr.c resulting in a crash2018-08-28