1143860 – (CVE-2018-18944) VUL-0: CVE-2018-18944: artha: Buffer Overflow may lead to DoS

Bug 1143860 (CVE-2018-18944) - VUL-0: CVE-2018-18944: artha: Buffer Overflow may lead to DoS

Summary: VUL-0: CVE-2018-18944: artha: Buffer Overflow may lead to DoS

Status:	RESOLVED FIXED

Alias:	CVE-2018-18944

Product:	openSUSE Distribution
Classification:	openSUSE
Component:	Security (show other bugs)
Version:	Leap 15.1
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major (vote)
Target Milestone:	---
Assignee:	Atri Bhattacharya
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/235376/
Whiteboard:
Keywords:

Depends on:
Blocks:	1174960
	Show dependency tree / graph

Clone This Bug

Reported:	2019-08-01 14:33 UTC by Alexandros Toptsoglou
Modified:	2020-08-06 12:08 UTC (History)
CC List:	0 users

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexandros Toptsoglou 2019-08-01 14:33:14 UTC

CVE-2018-18944

Artha ~ The Open Thesaurus 1.0.3.0 has a Buffer Overflow.

Exploit:

https://www.exploit-db.com/exploits/45760

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1727889
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18944
https://www.exploit-db.com/author/?a=8844
https://www.exploit-db.com/exploits/45760

Comment 1 Atri Bhattacharya 2020-03-12 09:56:59 UTC

Should be fixed by removal: https://build.opensuse.org/request/show/784238

Comment 2 Atri Bhattacharya 2020-04-11 11:42:36 UTC

Deletion request for 15.2: https://build.opensuse.org/request/show/793081

Comment 3 Atri Bhattacharya 2020-06-14 11:03:29 UTC

Dropped from 15.2 and TW. IMO un-fixable for 15.1 until it reaches End-Of-Life.