CVE-2018-7254 - OpenCVE

The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Wavpack	Wavpack

Configuration 1 [-]

cpe:2.3:a:wavpack:wavpack:5.1.0:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889274	Mailing List Issue Tracking Third Party Advisory
https://github.com/dbry/WavPack/commit/8e3fe45a7bac31d9a3b558ae0079e2d92a04799e	Patch Third Party Advisory
https://github.com/dbry/WavPack/issues/26	Issue Tracking Third Party Advisory
https://seclists.org/bugtraq/2019/Dec/37
https://usn.ubuntu.com/3578-1/	Third Party Advisory
https://www.debian.org/security/2018/dsa-4125	Third Party Advisory
https://www.exploit-db.com/exploits/44154/	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-02-19T23:00:00

Updated: 2019-12-21T08:06:09

Reserved: 2018-02-19T00:00:00

Link: CVE-2018-7254

JSON object: View

NVD Information

Status : Modified

Published: 2018-02-19T23:29:00.277

Modified: 2019-12-20T10:15:13.983

Link: CVE-2018-7254

JSON object: View

Redhat Information

No data.

CWE

CWE-125

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-02-19T00:00:00", "descriptions": [{"lang": "en", "value": "The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-21T08:06:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/dbry/WavPack/commit/8e3fe45a7bac31d9a3b558ae0079e2d92a04799e"}, {"name": "USN-3578-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3578-1/"}, {"name": "DSA-4125", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4125"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/dbry/WavPack/issues/26"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889274"}, {"name": "44154", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/44154/"}, {"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Dec/37"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-7254", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/dbry/WavPack/commit/8e3fe45a7bac31d9a3b558ae0079e2d92a04799e", "refsource": "MISC", "url": "https://github.com/dbry/WavPack/commit/8e3fe45a7bac31d9a3b558ae0079e2d92a04799e"}, {"name": "USN-3578-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3578-1/"}, {"name": "DSA-4125", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4125"}, {"name": "https://github.com/dbry/WavPack/issues/26", "refsource": "MISC", "url": "https://github.com/dbry/WavPack/issues/26"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889274", "refsource": "MISC", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889274"}, {"name": "44154", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44154/"}, {"name": "20191219 [slackware-security] wavpack (SSA:2019-353-01)", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Dec/37"}, {"name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-7254", "datePublished": "2018-02-19T23:00:00", "dateReserved": "2018-02-19T00:00:00", "dateUpdated": "2019-12-21T08:06:09", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wavpack:wavpack:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DCF63128-72B0-4A29-AB4D-AC1B93A04B67", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file."}, {"lang": "es", "value": "La funci\u00f3n ParseCaffHeaderConfig del archivo cli/caff.c de WavPack 5.1.0 permite que un atacante remoto provoque una denegaci\u00f3n de servicio (sobrelectura de b\u00fafer global) o que desencadene un desbordamiento de b\u00fafer o la asignaci\u00f3n incorrecta de memoria mediante un archivo CAF maliciosamente manipulado."}], "id": "CVE-2018-7254", "lastModified": "2019-12-20T10:15:13.983", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-19T23:29:00.277", "references": [{"source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Issue Tracking", "Third Party Advisory"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889274"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/dbry/WavPack/commit/8e3fe45a7bac31d9a3b558ae0079e2d92a04799e"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/dbry/WavPack/issues/26"}, {"source": "cve@mitre.org", "url": "https://seclists.org/bugtraq/2019/Dec/37"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3578-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4125"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/44154/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}