First published: Mon Jan 21 2019
A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker who can make an application read a crafted comps XML file may be able to crash the application or execute malicious code.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Rpm Libcomps | <0.1.10 | |
redhat/libcomps | <0.1.10 | 0.1.10 |
https://github.com/rpm-software-management/libcomps/commit/e3a5d056633677959ad924a51758876d415e7046
CVE-2019-3817 is a use-after-free vulnerability in libcomps before version 0.1.10.
CVE-2019-3817 allows an attacker to crash an application or execute malicious code by making the application read a crafted comps XML file.
CVE-2019-3817 has a severity rating of 8.8 (high).
Versions of libcomps before 0.1.10 are affected by CVE-2019-3817.
To fix CVE-2019-3817, update libcomps to version 0.1.10 or higher.