First published: Mon Oct 22 2018
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/libmspack | <0.8 | 0.8 |
redhat/cabextract | <1.8 | 1.8 |
Kyzer Libmspack | =0.3-alpha | |
Kyzer Libmspack | =0.4-alpha | |
Kyzer Libmspack | =0.5-alpha | |
Kyzer Libmspack | =0.6-alpha | |
Kyzer Libmspack | =0.7-alpha | |
Debian Debian Linux | =8.0 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Workstation | =7.0 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =18.10 | |
SUSE Linux Enterprise Server | =11-sp3 | |
SUSE Linux Enterprise Server | =12-ga | |
SUSE Linux Enterprise Server | =12-sp1 | |
SUSE Linux Enterprise Server | =12-sp2 | |
Starwindsoftware Starwind Virtual San Vsphere | | |
ubuntu/clamav | <0.100.2+dfsg-1ubuntu0.14.04.2 | 0.100.2+dfsg-1ubuntu0.14.04.2 |
ubuntu/libmspack | <0.6-3ubuntu0.2 | 0.6-3ubuntu0.2 |
ubuntu/libmspack | <0.7-1ubuntu0.1 | 0.7-1ubuntu0.1 |
ubuntu/libmspack | <0.5-1ubuntu0.16.04.3 | 0.5-1ubuntu0.16.04.3 |
debian/libmspack | 0.10.1-2 0.11-1 0.11-1.1 |
CVE-2018-18585 is a vulnerability in the chmd_read_headers function in libmspack before version 0.8alpha.
The severity of CVE-2018-18585 is medium, with a CVSS score of 4.3.
The affected software packages are libmspack before 0.8alpha and clamav.
To fix CVE-2018-18585 for libmspack, update to version 0.8alpha or later.
To fix CVE-2018-18585 for clamav, update to version 0.100.2+dfsg-1ubuntu0.14.04.2 or later.