CVE-2018-14447 — HIGH (8.8)

Vulnerability Description

trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds read.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Libconfuse Project	Libconfuse	3.2.1
Debian	Debian Linux	8.0

Related Weaknesses (CWE)

CWE-125

References

http://hac425.unaux.com/index.php/archives/64/Not Applicable
https://github.com/martinh/libconfuse/issues/109ExploitIssue TrackingPatch
https://lists.debian.org/debian-lts-announce/2018/08/msg00017.htmlThird Party Advisory
http://hac425.unaux.com/index.php/archives/64/Not Applicable
https://github.com/martinh/libconfuse/issues/109ExploitIssue TrackingPatch
https://lists.debian.org/debian-lts-announce/2018/08/msg00017.htmlThird Party Advisory

FAQ

What is CVE-2018-14447?

CVE-2018-14447 is a vulnerability with a CVSS score of 8.8 (HIGH). trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds read.

How severe is CVE-2018-14447?

CVE-2018-14447 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-14447?

Check the references section above for vendor advisories and patch information. Affected products include: Libconfuse Project Libconfuse, Debian Debian Linux.