Vulnerability Description
Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file..
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Ubuntu Linux | 14.04 |
| Debian | Debian Linux | 8.0 |
| Gnu | Sharutils | 4.15.2 |
Related Weaknesses (CWE)
References
- http://seclists.org/bugtraq/2018/Feb/54Mailing ListThird Party Advisory
- https://usn.ubuntu.com/3605-1/Third Party Advisory
- https://www.debian.org/security/2018/dsa-4167Third Party Advisory
- http://seclists.org/bugtraq/2018/Feb/54Mailing ListThird Party Advisory
- https://usn.ubuntu.com/3605-1/Third Party Advisory
- https://www.debian.org/security/2018/dsa-4167Third Party Advisory
FAQ
What is CVE-2018-1000097?
CVE-2018-1000097 is a vulnerability with a CVSS score of 7.8 (HIGH). Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform check...
How severe is CVE-2018-1000097?
CVE-2018-1000097 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1000097?
Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Debian Debian Linux, Gnu Sharutils.