Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS2-2019-1310

Related Vulnerabilities: CVE-2018-18584   CVE-2018-18585  

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.(CVE-2018-18584) chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\\0' as its first or second character (such as the "/\\0" name).(CVE-2018-18585)

Source

ALAS2-2019-1310

Amazon Linux 2 Security Advisory: ALAS-2019-1310
Advisory Release Date: 2019-10-08 21:55 Pacific
Advisory Updated Date: 2019-10-09 23:19 Pacific
Severity: Medium
Issue Overview:

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.(CVE-2018-18584)

chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\\0' as its first or second character (such as the "/\\0" name).(CVE-2018-18585)


Affected Packages:

libmspack


Issue Correction:
Run yum update libmspack to update your system.

New Packages:
aarch64:
    libmspack-0.5-0.7.alpha.amzn2.aarch64
    libmspack-devel-0.5-0.7.alpha.amzn2.aarch64
    libmspack-debuginfo-0.5-0.7.alpha.amzn2.aarch64

i686:
    libmspack-0.5-0.7.alpha.amzn2.i686
    libmspack-devel-0.5-0.7.alpha.amzn2.i686
    libmspack-debuginfo-0.5-0.7.alpha.amzn2.i686

src:
    libmspack-0.5-0.7.alpha.amzn2.src

x86_64:
    libmspack-0.5-0.7.alpha.amzn2.x86_64
    libmspack-devel-0.5-0.7.alpha.amzn2.x86_64
    libmspack-debuginfo-0.5-0.7.alpha.amzn2.x86_64

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started