CVE-2018-1056 - OpenCVE

An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Advancemame	Advancecomp
Canonical	Ubuntu Linux
Debian	Debian Linux

Configuration 1 [-]

cpe:2.3:a:advancemame:advancecomp:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

References

Link	Resource
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889270	Exploit Issue Tracking Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1056	Issue Tracking Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/02/msg00016.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00004.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00034.html	Mailing List Third Party Advisory
https://sourceforge.net/p/advancemame/bugs/259/	Issue Tracking Third Party Advisory
https://usn.ubuntu.com/3570-1/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2018-07-27T18:00:00

Updated: 2021-12-29T23:06:28

Reserved: 2017-12-04T00:00:00

Link: CVE-2018-1056

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-07-27T18:29:01.343

Modified: 2022-01-21T14:47:14.260

Link: CVE-2018-1056

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "advancecomp:", "vendor": "amadvance", "versions": [{"status": "affected", "version": "2.1-2018/02"}]}], "datePublic": "2018-02-03T00:00:00", "descriptions": [{"lang": "en", "value": "An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "CWE-122", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-12-29T23:06:28", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[debian-lts-announce] 20190302 [SECURITY] [DLA 1702-1] advancecomp security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00004.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1056"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889270"}, {"name": "USN-3570-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3570-1/"}, {"name": "[debian-lts-announce] 20180213 [SECURITY] [DLA 1281-1] advancecomp security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00016.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://sourceforge.net/p/advancemame/bugs/259/"}, {"name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2868-1] advancecomp security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00034.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-1056", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "advancecomp:", "version": {"version_data": [{"version_value": "2.1-2018/02"}]}}]}, "vendor_name": "amadvance"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files."}]}, "impact": {"cvss": [[{"vectorString": "3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-122"}]}]}, "references": {"reference_data": [{"name": "[debian-lts-announce] 20190302 [SECURITY] [DLA 1702-1] advancecomp security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00004.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1056", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1056"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889270", "refsource": "CONFIRM", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889270"}, {"name": "USN-3570-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3570-1/"}, {"name": "[debian-lts-announce] 20180213 [SECURITY] [DLA 1281-1] advancecomp security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00016.html"}, {"name": "https://sourceforge.net/p/advancemame/bugs/259/", "refsource": "CONFIRM", "url": "https://sourceforge.net/p/advancemame/bugs/259/"}, {"name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2868-1] advancecomp security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00034.html"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-1056", "datePublished": "2018-07-27T18:00:00", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2021-12-29T23:06:28", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:advancemame:advancecomp:*:*:*:*:*:*:*:*", "matchCriteriaId": "1621C0AE-7AD0-4250-AE86-0728E0D2BF20", "versionEndExcluding": "2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad de b\u00fafer de memoria din\u00e1mica (heap) fuera de l\u00edmites en la forma en la que advancecomp en versiones anteriores a la 2.1-2018/02 manejaba el procesamiento de archivos ZIP. Un atacante podr\u00eda usar esta vulnerabilidad para bloquear la utilidad advzip enga\u00f1\u00e1ndola para que procese archivos ZIP manipulados."}], "id": "CVE-2018-1056", "lastModified": "2022-01-21T14:47:14.260", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "secalert@redhat.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-27T18:29:01.343", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889270"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1056"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00016.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00004.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00034.html"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://sourceforge.net/p/advancemame/bugs/259/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3570-1/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-122"}], "source": "secalert@redhat.com", "type": "Secondary"}]}