CVE-2018-19637

CWE-377 CWE-593 documents3 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 87.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Suse Supportutils Opensuse Supportutils

Timeline

PublishedMar 5

Latest updateMay 14

Description

Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:NExploitability: 1.3 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5suse/supportutilsunspecified — 3.1-5.7.1

▶NVDopensuse/supportutils< 3.1-5.7.1

🔴Vulnerability Details

GHSA

GHSA-9w5f-7xrh-r828: Supportutils, before version 3↗2022-05-14

▶

CVEList

Static temporary filename allows overwriting of files↗2019-03-05

▶