CVE-2018-25033 — Out-of-bounds Read in Project Admesh

CWE-125 — Out-of-bounds Read5 documents4 sources

Severity

8.1HIGHNVD

EPSS

0.5%

top 34.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Admesh Project Admesh Debian Admesh Debian Linux

Timeline

PublishedMay 8

Latest updateMay 9

Description

ADMesh through 0.98.4 has a heap-based buffer over-read in stl_update_connects_remove_1 (called from stl_remove_degenerate) in connect.c in libadmesh.a.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages4 packages

▶debiandebian/admesh< admesh 0.98.4-2 (bookworm)

▶PyPIadmesh_project/admesh< 0.98.5

▶Debianadmesh_project/admesh< 0.98.4-2+2

▶NVDadmesh_project/admesh0.98.4

Also affects: Debian Linux 9.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

Out-of-bounds read in admesh↗2022-05-09

▶

OSV

Out-of-bounds read in admesh↗2022-05-09

▶

OSV

CVE-2018-25033: ADMesh through 0↗2022-05-08

▶

📋Vendor Advisories

Debian

CVE-2018-25033: admesh - ADMesh through 0.98.4 has a heap-based buffer over-read in stl_update_connects_r...↗2018

▶