Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2018-18586

Published: 23/10/2018 Updated: 11/04/2024
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Kyzer

Vulnerability Summary

chmextract.c in the chmextract sample program, as distributed with libmspack prior to 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

kyzer libmspack 0.7

kyzer libmspack 0.6

kyzer libmspack 0.5

kyzer libmspack 0.4

kyzer libmspack 0.3

Vendor Advisories

Debian CVElist Bug Report Logs: libmspack: CVE-2018-18584: CAB block input buffer is one byte too small for maximal Quantum block
Debian Bug report logs - #911640 libmspack: CVE-2018-18584: CAB block input buffer is one byte too small for maximal Quantum block Package: src:libmspack; Maintainer for src:libmspack is Marc Dequènes (Duck) <Duck@DuckCorporg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 22 Oct 2018 22:12:09 UTC ...
Debian CVElist Bug Report Logs: libmspack: CVE-2018-18586: add anti "../" and leading slash protection to chmextract
Debian Bug report logs - #911639 libmspack: CVE-2018-18586: add anti "/" and leading slash protection to chmextract Package: src:libmspack; Maintainer for src:libmspack is Marc Dequènes (Duck) <Duck@DuckCorporg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 22 Oct 2018 22:12:06 UTC Severity: m ...
Debian CVElist Bug Report Logs: libmspack: CVE-2018-18585: Avoid returning CHM file entries that are "blank" because they have embedded null bytes
Debian Bug report logs - #911637 libmspack: CVE-2018-18585: Avoid returning CHM file entries that are "blank" because they have embedded null bytes Package: src:libmspack; Maintainer for src:libmspack is Marc Dequènes (Duck) <Duck@DuckCorporg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 22 Oct ...
Red Hat: CVE-2018-18586
** DISPUTED ** chmextractc in the chmextract sample program, as distributed with libmspack before 08alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextractc was only intended as a source-code example, not a suppo ...

References

CWE-22https://www.openwall.com/lists/oss-security/2018/10/22/1https://github.com/kyz/libmspack/commit/7cadd489698be117c47efcadd742651594429e6dhttps://bugs.debian.org/911639https://security.gentoo.org/glsa/201903-20https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911640https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2018-18586
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook