CVE-2018-18751

Published: 29/10/2018 Updated: 08/09/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue exists in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.

Vulnerable Product

gnu gettext 0.19.8

canonical ubuntu linux 16.04

canonical ubuntu linux 18.10

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

canonical ubuntu linux 18.04

redhat enterprise linux 7.0

Vendor Advisories

Debian Bug report logs - #913173 gettext: CVE-2018-18751 Package: src:gettext; Maintainer for src:gettext is Santiago Vila <sanvila@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 7 Nov 2018 19:57:02 UTC Severity: minor Tags: security, upstream Found in version gettext/0.19.8.1-8 Fixed ...
gettext could be made to execute arbitrary code if it received a specially crafted message ...
Synopsis Low: gettext security update. Type/Severity Security Advisory: Low. Topic: An update for gettext is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis Low: gettext security update. Type/Severity Security Advisory: Low. Topic: An update for gettext is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a det ...
Synopsis Low: gettext security update. Type/Severity Security Advisory: Low. Topic: An update for gettext is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis Low: gettext security and bug fix update. Type/Severity Security Advisory: Low. Topic: An update for gettext is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis Moderate: OpenShift Container Platform 4.6.1 image security update. Type/Severity Security Advisory: Moderate. Topic: An update is now available for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability S ...
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt (CVE-2018-18751) ...

Github Repositories

Ultimate Benchmark for Container Image Scanners

UBCIS: Ultimate Benchmark for Container Image Scanning (UBCIS) is a benchmark for detecting the scanner performance in terms of precision and vulnerability coverage on most common Linux Docker basic images. UBCIS can evaluate your scanner and score it using statistical notations of precision, recall and f-measure. UBCIS can also run a set of scanners on a set of container images.