From 5e4e9a817aee97e79414da5892814b9967a64244 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 22 Oct 2018 22:04:01 -0400 Subject: [PATCH] - Synchronized data. --- 2018/18xxx/CVE-2018-18584.json | 77 ++++++++++++++++++++++++++++++++++ 2018/18xxx/CVE-2018-18585.json | 72 +++++++++++++++++++++++++++++++ 2018/18xxx/CVE-2018-18586.json | 72 +++++++++++++++++++++++++++++++ 3 files changed, 221 insertions(+) create mode 100644 2018/18xxx/CVE-2018-18584.json create mode 100644 2018/18xxx/CVE-2018-18585.json create mode 100644 2018/18xxx/CVE-2018-18586.json diff --git a/2018/18xxx/CVE-2018-18584.json b/2018/18xxx/CVE-2018-18584.json new file mode 100644 index 00000000000..04b597e0d51 --- /dev/null +++ b/2018/18xxx/CVE-2018-18584.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-18584", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugs.debian.org/911640", + "refsource" : "MISC", + "url" : "https://bugs.debian.org/911640" + }, + { + "name" : "https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2", + "refsource" : "MISC", + "url" : "https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2" + }, + { + "name" : "https://www.cabextract.org.uk/#changes", + "refsource" : "MISC", + "url" : "https://www.cabextract.org.uk/#changes" + }, + { + "name" : "https://www.openwall.com/lists/oss-security/2018/10/22/1", + "refsource" : "MISC", + "url" : "https://www.openwall.com/lists/oss-security/2018/10/22/1" + } + ] + } +} diff --git a/2018/18xxx/CVE-2018-18585.json b/2018/18xxx/CVE-2018-18585.json new file mode 100644 index 00000000000..17489f8cc69 --- /dev/null +++ b/2018/18xxx/CVE-2018-18585.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-18585", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\\0' as its first or second character (such as the \"/\\0\" name)." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugs.debian.org/911637", + "refsource" : "MISC", + "url" : "https://bugs.debian.org/911637" + }, + { + "name" : "https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f", + "refsource" : "MISC", + "url" : "https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f" + }, + { + "name" : "https://www.openwall.com/lists/oss-security/2018/10/22/1", + "refsource" : "MISC", + "url" : "https://www.openwall.com/lists/oss-security/2018/10/22/1" + } + ] + } +} diff --git a/2018/18xxx/CVE-2018-18586.json b/2018/18xxx/CVE-2018-18586.json new file mode 100644 index 00000000000..c618c417ec0 --- /dev/null +++ b/2018/18xxx/CVE-2018-18586.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-18586", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** DISPUTED ** chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugs.debian.org/911639", + "refsource" : "MISC", + "url" : "https://bugs.debian.org/911639" + }, + { + "name" : "https://github.com/kyz/libmspack/commit/7cadd489698be117c47efcadd742651594429e6d", + "refsource" : "MISC", + "url" : "https://github.com/kyz/libmspack/commit/7cadd489698be117c47efcadd742651594429e6d" + }, + { + "name" : "https://www.openwall.com/lists/oss-security/2018/10/22/1", + "refsource" : "MISC", + "url" : "https://www.openwall.com/lists/oss-security/2018/10/22/1" + } + ] + } +}