CVE-2019-11476 — Integer Overflow or Wraparound in Whoopsie

CWE-190 — Integer Overflow or Wraparound5 documents5 sources

Severity

7.8HIGHNVD

CNA6.5

EPSS

0.1%

top 81.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Whoopsie Project Whoopsie Ubuntu Whoopsie Canonical Ubuntu Linux

Timeline

PublishedAug 29

Latest updateMay 24

Description

An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a heap allocated buffer when processing large crash dumps. This results in a crash or possible code-execution in the context of the whoopsie process.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶Ubuntuwhoopsie_project/whoopsie< 0.2.52.5ubuntu0.1+1

▶CVEListV5ubuntu/whoopsie4 versions+3

Also affects: Ubuntu Linux 16.04, 18.04, 18.10, 19.04

🔴Vulnerability Details

GHSA

GHSA-g2qp-pv3v-q7w2: An integer overflow in whoopsie before versions 0↗2022-05-24

▶

CVEList

Integer overflow in whoopsie results in out-of-bounds heap write↗2019-08-29

▶

OSV

CVE-2019-11476: An integer overflow in whoopsie before versions 0↗2019-07-09

▶

📋Vendor Advisories

Ubuntu

Whoopsie vulnerability↗2019-07-09

▶