Vulnerability Details : CVE-2018-1000661
jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vulnerability in Jsi_LogMsg (jsiUtils.c:196) that can result in Crash due to segmentation fault. This attack appear to be exploitable via the victim executing specially crafted javascript code. This vulnerability appears to have been fixed in 2.4.69.
Vulnerability category: Memory Corruption
Products affected by CVE-2018-1000661
- cpe:2.3:a:jsish:jsish:2.4.67:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-1000661
0.32%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 52 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-1000661
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST | |
|
6.5
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2018-1000661
-
The product dereferences a pointer that it expects to be valid but is NULL.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-1000661
-
https://jsish.org/fossil/jsi/tktview/2adeb066894695b38309d92771aea11c8e0a56a8
jsish: View TicketVendor Advisory
Jump to