Vulnerability Description
miniSphere version 5.2.9 and earlier contains a Integer Overflow vulnerability in layer_resize() function in map_engine.c that can result in remote denial of service. This attack appear to be exploitable via the victim must load a specially-crafted map which calls SetLayerSize in its entry script. This vulnerability appears to have been fixed in 5.0.3, 5.1.5, 5.2.10 and later.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Spheredev | Minisphere | <= 5.2.9 |
Related Weaknesses (CWE)
References
- https://github.com/fatcerberus/minisphere/commit/252c1ca184cb38e1acb917aa0e451c5ExploitPatchThird Party Advisory
- https://github.com/fatcerberus/minisphere/pull/268Third Party Advisory
- https://github.com/fatcerberus/minisphere/commit/252c1ca184cb38e1acb917aa0e451c5ExploitPatchThird Party Advisory
- https://github.com/fatcerberus/minisphere/pull/268Third Party Advisory
FAQ
What is CVE-2018-1000524?
CVE-2018-1000524 is a vulnerability with a CVSS score of 5.5 (MEDIUM). miniSphere version 5.2.9 and earlier contains a Integer Overflow vulnerability in layer_resize() function in map_engine.c that can result in remote denial of service. This attack appear to be exploita...
How severe is CVE-2018-1000524?
CVE-2018-1000524 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1000524?
Check the references section above for vendor advisories and patch information. Affected products include: Spheredev Minisphere.