CVE-2018-18584

CWE-787Out-of-bounds Write16 documents8 sources
Severity
6.5MEDIUM
EPSS
6.4%
top 8.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Cabextract Project CabextractCanonical Ubuntu LinuxDebian Debian Linux+3 more
Timeline
PublishedOct 23
Latest updateMay 13

Description

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

Debianlibmspack< 0.8-1+3
Ubuntulibmspack< 0.5-1ubuntu0.16.04.3+1
NVDlibmspack_project/libmspack6 versions+5
Debiancabextract< 1.4-5+3

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 18.10, Enterprise Linux 7.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

5
GHSA
GHSA-gp3p-9jm9-wrjc: In mspack/cab2022-05-13
OSV
clamav vulnerabilities2018-11-13
OSV
libmspack vulnerabilities2018-11-12
OSV
CVE-2018-18584: In mspack/cab2018-10-23
CVEList
CVE-2018-18584: In mspack/cab2018-10-23

📋Vendor Advisories

5
Ubuntu
ClamAV vulnerabilities2018-11-13
Ubuntu
ClamAV vulnerabilities2018-11-13
Ubuntu
libmspack vulnerabilities2018-11-12
Red Hat
libmspack: Out-of-bounds write in mspack/cab.h2018-10-17
Debian
CVE-2018-18584: cabextract - In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB ...2018

💬Community

5
Bugzilla
CVE-2018-18584 CVE-2018-18585 cabextract: various flaws [epel-all]2018-10-30
Bugzilla
CVE-2018-18584 CVE-2018-18585 cabextract: various flaws [fedora-all]2018-10-30
Bugzilla
CVE-2018-18584 libmspack: Out-of-bounds write in mspack/cab.h2018-10-30
Bugzilla
CVE-2018-18584 CVE-2018-18585 libmspack: various flaws [fedora-all]2018-10-30
Bugzilla
CVE-2018-18584 CVE-2018-18585 libmspack: various flaws [epel-all]2018-10-30
CVE-2018-18584 (MEDIUM CVSS 6.5) | In mspack/cab.h in libmspack before | cvebase.io