CVE-2018-6758

Severity
9.8 CRITICAL
EPSS
0.5%
top 32.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Feb 6
Latest update: May 13

Description

The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

NVD: unbit/uwsgi 2.0.15
Debian: uwsgi < 2.0.15-10.2+3

Patches

🔴Vulnerability Details

3
GHSA
GHSA-gp37-5368-2566: The uwsgi_expand_path function in core/utils (2022-05-13)
CVEList
CVE-2018-6758: The uwsgi_expand_path function in core/utils (2018-02-06)
OSV
CVE-2018-6758: The uwsgi_expand_path function in core/utils (2018-02-06)

📋Vendor Advisories

1
Debian
CVE-2018-6758: uwsgi - The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has... (2018)

💬Community

3
Bugzilla
CVE-2018-6758 uwsgi: Stack-based buffer overflow in core/utils.c:uwsgi_expand_path() can lead to crash and potential code execution (2018-02-07)
Bugzilla
CVE-2018-6758 uwsgi: Stack-based buffer overflow in core/utils.c:uwsgi_expand_path() can lead to crash and potential code execution [fedora-all] (2018-02-07)
Bugzilla
CVE-2018-6758 uwsgi: Stack-based buffer overflow in core/utils.c:uwsgi_expand_path() can lead to crash and potential code execution [epel-all] (2018-02-07)