Denial of service in Mercurial

Published: 2018-10-11 15:36:37
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2018-17983
CVSSv3 3.9 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CWE ID CWE-125
Exploitation vector Local
Public exploit N/A
Vulnerable software Mercurial
Vulnerable software versions Mercurial 4.7.1, Mercurial 4.7, Mercurial 4.6.2


Vendor URL Mercurial

Security Advisory

1) Out-of-bounds read

Description

The vulnerability allows a local attacker to obtain potentially sensitive information or cause DoS condition on the target system.

The vulnerability exists in the cext/manifest.c file due to improper parsing of manifest entries. A remote attacker can supply a specially crafted manifest entry, trigger an out-of-bounds read and access sensitive information or cause a denial of service (DoS) condition.
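The advisory does not say which check was missing in cext/manifest.c. The following added example (my own code, not Mercurial's) shows what bounds-checked parsing of a manifest entry looks like: entries are assumed to follow Mercurial's "path\0<40 hex node>[flag]\n" layout, and every read is checked against the buffer length, so a truncated or corrupted entry is rejected instead of read past the end of the buffer.

```c
#include <ctype.h>
#include <string.h>
/* Added example, not Mercurial's cext/manifest.c. A manifest entry has the
 * form "path\0<40 hex node>[flag]\n" (flag: x, l or t). Parse one entry from
 * a buffer of known length without reading past it; returns bytes consumed,
 * or 0 if the entry is malformed or truncated. `out` may be NULL. */
typedef struct {
    const char *path;   /* NUL-terminated inside the buffer */
    const char *node;   /* 40 hex chars, not NUL-terminated */
    char flag;          /* 0 when no flag is present */
} manifest_entry;

size_t parse_manifest_entry(const char *buf, size_t len, manifest_entry *out)
{
    /* Bounded search: memchr stops at len, strlen/strchr would not. */
    const char *nul = memchr(buf, '\0', len);
    if (nul == NULL || nul == buf)
        return 0;                        /* no terminator, or empty path */
    size_t pos = (size_t)(nul - buf) + 1;
    if (len - pos < 40)                  /* room for the hash before reading it */
        return 0;
    for (size_t i = 0; i < 40; i++)
        if (!isxdigit((unsigned char)buf[pos + i]))
            return 0;
    pos += 40;
    char flag = 0;
    if (pos < len && buf[pos] != '\n') { /* optional flag byte */
        flag = buf[pos];
        if (flag != 'x' && flag != 'l' && flag != 't')
            return 0;
        pos++;
    }
    if (pos >= len || buf[pos] != '\n')  /* newline must lie inside the buffer */
        return 0;
    if (out) { out->path = buf; out->node = nul + 1; out->flag = flag; }
    return pos + 1;
}

/* Walk a whole manifest; returns the entry count, or -1 at the first bad entry. */
long count_manifest_entries(const char *buf, size_t len)
{
    long n = 0;
    for (size_t off = 0; off < len; n++) {
        size_t used = parse_manifest_entry(buf + off, len - off, NULL);
        if (used == 0)
            return -1;
        off += used;
    }
    return n;
}
```

The defensive point is that the parser takes an explicit length and never relies on a terminator being present; a fuzzed or hand-edited manifest then fails validation rather than triggering an out-of-bounds read.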

Remediation

Update to version 4.7.2.

External links

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.7.2_.282018-10-01.29
