file : CVE-2018-10360: out-of-bounds read and application crash

Bug #1912156 reported by Zhixiong Chi
This bug affects 1 person
Affects: StarlingX
Status: Fix Released
Importance: Medium
Assigned to: Zhixiong Chi
Milestone: (none)

Bug Description

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Description:
The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

References:
https://nvd.nist.gov/vuln/detail/CVE-2018-10360
https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22

Required package version:
file-5.11-37.el7.x86-64.rpm
file-libs-5.11-37.el7.x86-64.rpm
file-devel-5.11-37.el7.x86-64.rpm

Packages:
file
file-libs
file-devel
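
A check for the package versions listed above, as an added example that is not part of the original bug report or of StarlingX code: it compares `rpm -q` output against the listed builds using a simplified form of RPM's version comparison. It assumes the listed builds are the minimum fixed versions, that epochs are equal, and that no `~` or `^` appears in the version strings; the sample output is constructed.

```python
import re

# Minimum builds, taken from "Required package version" above (assumed to be minimums).
REQUIRED = {name: ("5.11", "37.el7") for name in ("file", "file-libs", "file-devel")}

def rpm_vercmp(a, b):
    """Simplified rpmvercmp: returns -1, 0 or 1. No '~' or '^' handling."""
    ta = re.findall(r"[0-9]+|[A-Za-z]+", a)
    tb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(ta, tb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)            # numeric compare, so 11 > 9
        if x != y:
            return 1 if x > y else -1
    return (len(ta) > len(tb)) - (len(ta) < len(tb))  # extra segments mean newer

def meets_minimum(version, release, min_version, min_release):
    c = rpm_vercmp(version, min_version)
    return c > 0 or (c == 0 and rpm_vercmp(release, min_release) >= 0)

def audit(rpm_query_output):
    """Map each required package to 'ok', 'outdated' or 'not installed'."""
    installed = {}
    for line in rpm_query_output.strip().splitlines():
        parts = line.split()
        if len(parts) == 3:  # skips "package X is not installed" lines
            installed[parts[0]] = (parts[1], parts[2])
    result = {}
    for name, (min_v, min_r) in REQUIRED.items():
        if name not in installed:
            result[name] = "not installed"
        else:
            ok = meets_minimum(*installed[name], min_v, min_r)
            result[name] = "ok" if ok else "outdated"
    return result

# Constructed sample of:
#   rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n' file file-libs file-devel
SAMPLE = """
file 5.11 35.el7
file-libs 5.11 37.el7
package file-devel is not installed
"""

if __name__ == "__main__":
    for pkg, state in audit(SAMPLE).items():
        print(f"{pkg}: {state}")
```
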

Changed in starlingx:
assignee: nobody → Zhixiong Chi (zhixiongchi)
status: New → In Progress
Changed in starlingx:
status: In Progress → Fix Committed
Zhixiong Chi (zhixiongchi) wrote :
Changed in starlingx:
status: Fix Committed → Fix Released
Ghada Khalil (gkhalil)
Changed in starlingx:
importance: Undecided → Medium
information type: Private Security → Public Security
This report contains Public Security information  
Everyone can see this security related information.