CVE-2019-3817

Published: 27/03/2019 Updated: 09/10/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker who is able to make an application read a crafted comps XML file may be able to crash the application or execute malicious code.

Vulnerable Product

rpm libcomps

Vendor Advisories

Synopsis: Moderate: yum security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for yum is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CV ...

Synopsis: Moderate: libcomps security update. Type/Severity: Security Advisory: Moderate. Topic: An update for libcomps is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base ...

Impact: Moderate. Public Date: 2019-01-21. CWE: CWE-416. Bugzilla: 1668005: CVE-2019-3817 libcomps: use af ...