CVE-2018-20840 - OpenCVE

An unhandled exception vulnerability exists during Google Sign-In with Google API C++ Client before 2019-04-10. It potentially causes an outage of third-party services that were not designed to recover from exceptions. On the client, ID token handling can cause an unhandled exception because of misinterpretation of an integer as a string, resulting in denial-of-service and then other users can no longer login/sign-in to the affected third-party service. Once this third-party service uses Google Sign-In with google-api-cpp-client, a malicious user can trigger this client/auth/oauth2_authorization.cc vulnerability by requesting the client to receive the ID token from a Google authentication server.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Google	Api C\+\+ Client

Configuration 1 [-]

cpe:2.3:a:google:api_c\+\+_client:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/google/google-api-cpp-client/issues/57	Issue Tracking Exploit Third Party Advisory
https://github.com/google/google-api-cpp-client/pull/58	Issue Tracking Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-05-30T15:58:10

Updated: 2019-05-30T15:58:10

Reserved: 2019-05-30T00:00:00

Link: CVE-2018-20840

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-05-30T16:29:01.323

Modified: 2019-05-31T16:04:32.797

Link: CVE-2018-20840

JSON object: View

Redhat Information

No data.

CWE

CWE-754

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An unhandled exception vulnerability exists during Google Sign-In with Google API C++ Client before 2019-04-10. It potentially causes an outage of third-party services that were not designed to recover from exceptions. On the client, ID token handling can cause an unhandled exception because of misinterpretation of an integer as a string, resulting in denial-of-service and then other users can no longer login/sign-in to the affected third-party service. Once this third-party service uses Google Sign-In with google-api-cpp-client, a malicious user can trigger this client/auth/oauth2_authorization.cc vulnerability by requesting the client to receive the ID token from a Google authentication server."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-05-30T15:58:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/google/google-api-cpp-client/pull/58"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/google/google-api-cpp-client/issues/57"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20840", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An unhandled exception vulnerability exists during Google Sign-In with Google API C++ Client before 2019-04-10. It potentially causes an outage of third-party services that were not designed to recover from exceptions. On the client, ID token handling can cause an unhandled exception because of misinterpretation of an integer as a string, resulting in denial-of-service and then other users can no longer login/sign-in to the affected third-party service. Once this third-party service uses Google Sign-In with google-api-cpp-client, a malicious user can trigger this client/auth/oauth2_authorization.cc vulnerability by requesting the client to receive the ID token from a Google authentication server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/google/google-api-cpp-client/pull/58", "refsource": "MISC", "url": "https://github.com/google/google-api-cpp-client/pull/58"}, {"name": "https://github.com/google/google-api-cpp-client/issues/57", "refsource": "MISC", "url": "https://github.com/google/google-api-cpp-client/issues/57"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20840", "datePublished": "2019-05-30T15:58:10", "dateReserved": "2019-05-30T00:00:00", "dateUpdated": "2019-05-30T15:58:10", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:api_c\\+\\+_client:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FC7B0D8-5460-4105-BE2B-FD5AF56BE847", "versionEndExcluding": "2019-04-10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An unhandled exception vulnerability exists during Google Sign-In with Google API C++ Client before 2019-04-10. It potentially causes an outage of third-party services that were not designed to recover from exceptions. On the client, ID token handling can cause an unhandled exception because of misinterpretation of an integer as a string, resulting in denial-of-service and then other users can no longer login/sign-in to the affected third-party service. Once this third-party service uses Google Sign-In with google-api-cpp-client, a malicious user can trigger this client/auth/oauth2_authorization.cc vulnerability by requesting the client to receive the ID token from a Google authentication server."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de excepci\u00f3n no controlada durante el Registro (Sign-In) de Google con Google API C++ Client anterior a la 10-04-2019. Es posible que genere una interrupci\u00f3n de los servicios de terceros que no fueron creados para recuperarse de las excepciones. En el cliente, el manejo del token ID puede producir una excepci\u00f3n no controlada debido a una inapropiada interpretaci\u00f3n de un entero como una cadena, lo que conlleva una Denegaci\u00f3n de Servicio y entonces otros usuarios ya no pueden iniciar sesi\u00f3n (login) o registrarse (sign-in) en el servicio de terceros impactado. Una vez que este servicio de terceros utiliza el registro (sign-in) de Google con google-api-cpp-client, un usuario malicioso puede activar la vulnerabilidad de client/auth/oauth2_authorization.cc mediante una petici\u00f3n al cliente que reciba el token de ID desde un servidor de autenticaci\u00f3n de Google."}], "id": "CVE-2018-20840", "lastModified": "2019-05-31T16:04:32.797", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-30T16:29:01.323", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Exploit", "Third Party Advisory"], "url": "https://github.com/google/google-api-cpp-client/issues/57"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/google/google-api-cpp-client/pull/58"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "nvd@nist.gov", "type": "Primary"}]}