Invalid free condition in Liblouis - CVE-2018-11410
Published: June 6, 2018 / Updated: June 12, 2018
Vulnerability identifier: #VU13196
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2018-11410
CWE-ID: CWE-120
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Liblouis
Affected software:
Liblouis
Liblouis
Detailed vulnerability description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to buffer overflow in the compileRule function, as defined in the compileTranslationTable.c source code file, during table parsing operations. A remote attacker can send a specially crafted request that submits malicious input, trigger memory corruption and invalid free condition and cause the service to crash.
How to mitigate CVE-2018-11410
Update to version 3.6.0.