Vulnerability Name: CVE-2017-13742 (CCN-131070)

Assigned: 2017-08-23
Published: 2017-08-23
Updated: 2017-12-02
Summary: There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function includeFile() in compileTranslationTable.c, that will lead to a remote denial of service attack.

CVSS v3 Severity: 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
4.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:U/RC:R)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low

3.3 Low (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
2.9 Low (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:U/RC:R)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low

CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial

4.3 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial

Vulnerability Type: CWE-119
CWE-121
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2017-13742

Source: CCN
Type: Liblouis Web site
Liblouis* - An open-source braille translator and back-translator.

Source: BID
Type: UNKNOWN
100607

Source: REDHAT
Type: UNKNOWN
RHSA-2017:3111

Source: CCN
Type: Red Hat Bugzilla – Bug 1484334
There is a heap overflow in liblouis which is triggered at function includeFile()

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1484334

Source: XF
Type: UNKNOWN
liblouis-cve201713742-bo(131070)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2017-13742

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:liblouis:liblouis:3.2.0:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:liblouis:liblouis:3.2.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:201713742 | V | CVE-2017-13742 | 2023-06-22
oval:org.opensuse.security:def:7943 | P | liblouis-data-3.20.0-150400.3.13.1 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:780 | P | Security update for snakeyaml (Important) | 2022-09-26
oval:org.opensuse.security:def:670 | P | Security update for keylime (Important) | 2022-08-03
oval:org.opensuse.security:def:3322 | P | pcsc-ccid-1.4.25-4.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:94952 | P | liblouis-data-3.16.1-150400.1.9 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:1362 | P | Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP3) (Important) | 2022-05-26
oval:org.opensuse.security:def:1234 | P | Security update for the Linux Kernel (Important) | 2022-05-16
oval:org.opensuse.security:def:100774 | P | (Moderate) | 2022-03-24
oval:org.opensuse.security:def:94061 | P | (Important) | 2022-03-10
oval:org.opensuse.security:def:67814 | P | Security update for the Linux Kernel (Live Patch 23 for SLE 15) (Important) | 2021-12-14
oval:org.opensuse.security:def:71267 | P | libjavascriptcoregtk-4_0-18-2.24.1-3.24.1 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:71154 | P | cairo-devel-1.15.10-4.5.1 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:64567 | P | Security update for gstreamer-plugins-good (Moderate) | 2021-09-02
oval:org.opensuse.security:def:47892 | P | squidGuard-1.4-30.6.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47437 | P | libyaml-0-2-0.1.6-7.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47191 | P | yast2-core-3.1.23-6.38 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48190 | P | libshibsp-lite6-2.5.5-6.3.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47762 | P | libpcsclite1-1.8.10-7.3.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47206 | P | apache2-mod_nss-1.0.14-18.3 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48317 | P | syslog-service-2.0-778.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48002 | P | eog-3.20.4-7.7 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47520 | P | unzip-6.00-32.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47301 | P | krb5-1.12.5-39.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48300 | P | ruby-2.1-1.4 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47744 | P | libmspack0-0.4-14.4 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47316 | P | libXi6-1.7.4-17.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48106 | P | libecpg6-10.10-1.15.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47630 | P | groff-1.22.2-5.287 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47192 | P | yast2-users-3.1.57-16.7 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48252 | P | ovmf-2017+git1510945757.b2662641d5-3.16.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47854 | P | perl-XML-LibXML-2.0019-6.3.5 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47327 | P | libXxf86dga1-1.1.4-3.58 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48348 | P | xorg-x11-libs-7.6-45.14 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48216 | P | libvirt-5.1.0-11.10 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47652 | P | java-1_8_0-ibm-1.8.0_sr5.20-30.36.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47302 | P | krb5-appl-clients-1.0.3-1.2 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:1706 | P | liblouis-data-3.11.0-1.42 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:72514 | P | liblouis-data-3.11.0-1.42 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:1006 | P | gstreamer-1.16.2-1.53 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62795 | P | liblouis-data-3.11.0-1.42 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:101201 | P | liblouis-data-3.11.0-1.42 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:1116 | P | libpython2_7-1_0-2.7.18-7.55.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:49447 | P | Security update for php72 (Important) | 2021-08-06
oval:org.opensuse.security:def:1590 | P | Security update for the Linux Kernel (Important) | 2021-06-30
oval:org.opensuse.security:def:1472 | P | Security update for apache2 (Important) | 2021-06-22
oval:org.opensuse.security:def:48458 | P | libIlmImf-Imf_2_1-21-2.1.0-4.3 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48419 | P | ft2demos-2.6.3-7.8.3 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48427 | P | git-core-1.8.5.6-18.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48529 | P | libnm-glib-vpn1-1.0.12-8.6 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48362 | P | accountsservice-0.6.42-14.2 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:64480 | P | Security update for librsvg (Important) | 2021-04-28
oval:org.opensuse.security:def:69992 | P | Security update for nodejs10 (Important) | 2021-03-02
oval:org.opensuse.security:def:66741 | P | Security update for php7 (Moderate) | 2021-01-14
oval:org.opensuse.security:def:72398 | P | liblouis-data-3.11.0-1.42 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:107440 | P | liblouis-data-3.11.0-1.42 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62679 | P | liblouis-data-3.11.0-1.42 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:116998 | P | liblouis-data-3.11.0-1.42 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:72170 | P | liblouis-data-3.3.0-2.19 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62451 | P | liblouis-data-3.3.0-2.19 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:89911 | P | liblouis-data-3.3.0-4.5.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:72280 | P | liblouis-data-3.3.0-4.5.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:103566 | P | liblouis-data-3.3.0-4.5.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62561 | P | liblouis-data-3.3.0-4.5.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:49557 | P | liblouis-data on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:73314 | P | screen on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:67914 | P | liblouis-data on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49393 | P | bubblewrap on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49675 | P | liblouis-data on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:66649 | P | wicked on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:70097 | P | liblouis-data on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:73432 | P | liblouis-data on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49503 | P | bluez on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49621 | P | file-roller on GA media (Moderate) | 2020-12-01
oval:com.redhat.rhsa:def:20173111 | P | RHSA-2017:3111: liblouis security update (Moderate) | 2017-11-02
oval:com.ubuntu.xenial:def:2017137420000000 | V | CVE-2017-13742 on Ubuntu 16.04 LTS (xenial) - low. | 2017-08-29
oval:com.ubuntu.trusty:def:201713742000 | V | CVE-2017-13742 on Ubuntu 14.04 LTS (trusty) - low. | 2017-08-29
oval:com.ubuntu.xenial:def:201713742000 | V | CVE-2017-13742 on Ubuntu 16.04 LTS (xenial) - low. | 2017-08-29
    liblouis liblouis 3.2.0