CVE-2018-18751: gettext: double free in default_add_message
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
StarlingX | Fix Released | High | Poornima Y N |
Bug Description
CVE-2018-18751: gettext: double free in default_add_message
CVSSv2: 7.5 (AV:N/AC:
Description:
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.
References:
https:/
https:/
https://<email address hidden>
The new RPMs are:
gettext-
gettext-
gettext-
gettext-
gettext-
Reported By: StarlingX May 2020 CVE Scan
CVE References
information type: Public → Public Security
tags: added: stx.3.0 stx.4.0 stx.security
description: updated
description: updated
Changed in starlingx:
status: New → Triaged
importance: Undecided → High
Changed in starlingx:
assignee: nobody → Poornima Y N (poornimayn)
tags: added: in-r-stx30
This CVE is applicable to stx.3.0 (r/stx.3.0 branch) & stx.4.0 (master branch)