CVE-2018-14043 — CRITICAL (9.8)

Vulnerability Description

mstdlib (aka the M Standard Library for C) 1.2.0 has incorrect file access control in situations where M_fs_perms_can_access attempts to delete an existing file (that lacks public read/write access) during a copy operation, related to fs/m_fs.c and fs/m_fs_path.c. An attacker could create the file and then would have access to the data.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Monetra	Mstdlib	1.2.0

Related Weaknesses (CWE)

CWE-732

References

https://github.com/Monetra/mstdlib/commit/db124b8f607dd0a40a9aef2d4d468fad433522PatchThird Party Advisory
https://github.com/Monetra/mstdlib/issues/2Third Party Advisory
https://github.com/Monetra/mstdlib/commit/db124b8f607dd0a40a9aef2d4d468fad433522PatchThird Party Advisory
https://github.com/Monetra/mstdlib/issues/2Third Party Advisory

FAQ

What is CVE-2018-14043?

CVE-2018-14043 is a vulnerability with a CVSS score of 9.8 (CRITICAL). mstdlib (aka the M Standard Library for C) 1.2.0 has incorrect file access control in situations where M_fs_perms_can_access attempts to delete an existing file (that lacks public read/write access) d...

How severe is CVE-2018-14043?

CVE-2018-14043 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-14043?

Check the references section above for vendor advisories and patch information. Affected products include: Monetra Mstdlib.