CVE-2018-10771 : Stack-based buffer overflow in the get_key function in parse.c in abcm2ps throug

Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

Published 2018-05-07 02:29:00

Updated 2022-11-28 22:08:32

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowMemory CorruptionDenial of service

Products affected by CVE-2018-10771

Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 31
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 32
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 30
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
Matching versions
Moinejf » Abcm2ps
Versions up to, including, (<=) 8.13.20
cpe:2.3:a:moinejf:abcm2ps:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-10771

EPSS FAQ

0.96%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 74 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-10771

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2018-10771

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-10771

https://github.com/leesavide/abcm2ps/issues/17

stack-buffer-overflow parse.c:4081 in get_key(struct SYMBOL *s) · Issue #17 · leesavide/abcm2ps · GitHub
Exploit;Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/04/msg00015.html

[SECURITY] [DLA 2983-1] abcm2ps security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6DUTXB4EC3TQHTTAAIBKJ54GJTF6Y7V/

[SECURITY] Fedora 32 Update: abcm2ps-8.14.7-2.fc32 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSTB65NYYCKU7O6RF5B6CYY5IA6CA66Y/

[SECURITY] Fedora 31 Update: abcm2ps-8.14.7-2.fc31 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGDXW2I3MY3QH4PJXLJET5QZZXMXTNWO/

[SECURITY] Fedora 30 Update: abcm2ps-8.14.7-2.fc30 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
https://drive.google.com/open?id=1HE9cht7WJPauA66acyJrEywXX8R4Hg-2

20180413-2 - Google Drive
Exploit;Third Party Advisory

Jump to

Vulnerability Details : CVE-2018-10771

Products affected by CVE-2018-10771

Exploit prediction scoring system (EPSS) score for CVE-2018-10771

CVSS scores for CVE-2018-10771

CWE ids for CVE-2018-10771

References for CVE-2018-10771