ALT-PU-2024-8946-3
Package cabextract updated to version 1.11-alt1 for branch p10 in task 350768.
Closed vulnerabilities
Published: 2018-10-22
BDU:2019-01362
Уязвимость библиотеки Libmspack и утилиты разархивации CAB-файлов СabExtract, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Severity: HIGH (8.6)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2018-10-23
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-18584
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
Severity: MEDIUM (4.3)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- https://access.redhat.com/errata/RHSA-2019:2049
- https://bugs.debian.org/911640
- https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2
- https://lists.debian.org/debian-lts-announce/2018/10/msg00017.html
- https://security.gentoo.org/glsa/201903-20
- https://usn.ubuntu.com/3814-1/
- https://usn.ubuntu.com/3814-2/
- https://usn.ubuntu.com/3814-3/
- https://www.cabextract.org.uk/#changes
- https://www.openwall.com/lists/oss-security/2018/10/22/1
- https://www.starwindsoftware.com/security/sw-20181213-0001/
- https://access.redhat.com/errata/RHSA-2019:2049
- https://bugs.debian.org/911640
- https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2
- https://lists.debian.org/debian-lts-announce/2018/10/msg00017.html
- https://security.gentoo.org/glsa/201903-20
- https://usn.ubuntu.com/3814-1/
- https://usn.ubuntu.com/3814-2/
- https://usn.ubuntu.com/3814-3/
- https://www.cabextract.org.uk/#changes
- https://www.openwall.com/lists/oss-security/2018/10/22/1
- https://www.starwindsoftware.com/security/sw-20181213-0001/