VU#307144

2025-06-12 02:05:39 +00:00 · 2018-08-14 10:53:01 -04:00 · 2018-08-14 10:53:01 -04:00 · 72c66ef3b4
commit 72c66ef3b4
parent e2e5e36cf1
1 changed files with 62 additions and 12 deletions
--- a/2018/5xxx/CVE-2018-5392.json
+++ b/2018/5xxx/CVE-2018-5392.json
@ -1,18 +1,68 @@
 {
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "ID" : "CVE-2018-5392",
-      "STATE" : "RESERVED"
+   "CVE_data_meta": {
+      "ASSIGNER": "cert@cert.org",
+      "ID": "CVE-2018-5392",
+      "STATE": "PUBLIC",
+      "TITLE": "mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR"
   },
-   "data_format" : "MITRE",
-   "data_type" : "CVE",
-   "data_version" : "4.0",
-   "description" : {
-      "description_data" : [
+   "affects": {
+      "vendor": {
+         "vendor_data": [
+            {
+               "product": {
+                  "product_data": [
+                     {
+                        "product_name": "mingw-w64",
+                        "version": {
+                           "version_data": [
+                              {
+                                 "affected": "=",
+                                 "version_name": "5.0.4",
+                                 "version_value": "5.0.4"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name": "mingw"
+            }
+         ]
+      }
+   },
+   "data_format": "MITRE",
+   "data_type": "CVE",
+   "data_version": "4.0",
+   "description": {
+      "description_data": [
         {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+            "lang": "eng",
+            "value": "mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the \"Dynamic base\" PE header, which indicates ASLR compatibility, Windows executables produced by mingw-w64 have the relocations table stripped from them by default. This means that executables produced by mingw-w64 are vulnerable to return-oriented programming (ROP) attacks. Windows executables generated by mingw-w64 claim to be ASLR compatible, but are not. Vulnerabilities in such executables are more easily exploitable as a result."
         }
      ]
+   },
+   "problemtype": {
+      "problemtype_data": [
+         {
+            "description": [
+               {
+                  "lang": "eng",
+                  "value": "CWE-824"
+               }
+            ]
+         }
+      ]
+   },
+   "references": {
+      "reference_data": [
+         {
+            "name": "VU#307144",
+            "refsource": "CERT-VN",
+            "url": "https://www.kb.cert.org/vuls/id/307144"
+         }
+      ]
+   },
+   "source": {
+      "discovery": "UNKNOWN"
   }
-}
+}