Fedora EPEL 7 update for cabextract
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2018-18584 CVE-2018-18585 |
| CWE-ID | CWE-787 CWE-476 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Fedora Operating systems & Components / Operating system cabextract Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Out-of-bounds write
EUVDB-ID: #VU15530
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-18584
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.
The vulnerability exists in the mspack/cab.h source code file due to Microsoft cabinet file (CAB) with a Quantum-compressed block of exactly 38,912 B will write 1 B beyond the end of the input buffer. when handling malicious input. A remote unauthenticated attacker can trick the victim into accessing of a CAB file that submits malicious input to the targeted system, trigger an out-of-bounds write condition and cause the application to crash or execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 7
cabextract: before 1.9-7.el7
CPE2.3- cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:cabextract:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-780cd884ad
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Null pointer dereference
EUVDB-ID: #VU15908
Risk: Low
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-18585
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to the chmd_read_headers function, as defined in the mspack/chmd.c source code file of the affected software, accepts filenames that have embedded NULL bytes. A remote attacker can trick the victim into accessing a Compiled HTML (CHM) file that submits malicious input to the targeted system, trigger NULL pointer dereference and cause the service to crash.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 7
cabextract: before 1.9-7.el7
CPE2.3- cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:cabextract:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-780cd884ad
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
