Main Vulnerability Database Vulnerabilities #VU10843

Stack-based buffer overflow in uWSGI - CVE-2018-6758

Published: March 2, 2018 / Updated: March 22, 2018

Vulnerability identifier: #VU10843

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-6758

CWE-ID: CWE-121

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Unbit

Affected software:
uWSGI

Detailed vulnerability description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the uwsgi_expand_path function due to stack-based buffer overflow. A remote attacker can request a specially crafted long directory path, trigger memory corruption and cause the service to crash.

How to mitigate CVE-2018-6758

Install update from vendor's website.

Sources

https://github.com/unbit/uwsgi/commit/cb4636f7c0af2e97a4eef7a3cdcbd85a71247bfe

Stack-based buffer overflow in uWSGI - CVE-2018-6758

Detailed vulnerability description

How to mitigate CVE-2018-6758

Sources

Please verify you're human