Vulnerability CVE-2018-12495

Vulnerability Name:

CVE-2018-12495 (CCN-144910)

Assigned:

2018-05-25

Published:

2018-05-25

Updated:

2019-05-02

Summary:

The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.

CVSS v3 Severity:

5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
4.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

3.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-125

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2018-12495

Source: XF
Type: UNKNOWN
discount-cve201812495-dos(144910)

Source: CCN
Type: DISCOUNT GIT Repository
Another issue has been found when I fuzz markdown.Details are displayed as follows: #3

Source: MISC
Type: Exploit, Third Party Advisory
https://github.com/Orc/discount/issues/189#issuecomment-397541501

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20180908 [SECURITY] [DLA 1499-1] discount security update

Source: DEBIAN
Type: Third Party Advisory
DSA-4293

Vulnerable Configuration:

Configuration 1:

cpe:/a:discount_project:discount:2.2.3:a:*:*:*:*:*:*

Configuration 2:

cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:201812495	V	CVE-2018-12495	2023-06-22
oval:org.opensuse.security:def:7614	P	libmarkdown2-2.2.4-1.41 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:751	P	Security update for bluez (Important)	2022-09-12
oval:org.opensuse.security:def:3030	P	ceph-common-12.2.12+git.1568024032.02236657ca-2.39.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94660	P	libmarkdown2-2.2.4-1.41 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:156	P	libmarkdown2-2.2.4-1.41 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:93807	P	(Moderate)	2022-05-06
oval:org.opensuse.security:def:1085	P	Security update for jasper (Moderate)	2022-02-24
oval:org.opensuse.security:def:112156	P	discount-2.2.7-1.3 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:69738	P	Security update for apache2 (Important)	2021-10-12
oval:org.opensuse.security:def:105692	P	discount-2.2.7-1.3 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:100932	P	libmarkdown2-2.2.4-1.41 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62174	P	libmarkdown2-2.2.4-1.41 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71915	P	libmarkdown2-2.2.4-1.41 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:69843	P	Security update for java-11-openjdk (Important)	2021-05-11
oval:org.opensuse.security:def:66487	P	Security update for gimp (Moderate)	2021-01-04
oval:org.opensuse.security:def:49138	P	Security update for slurm_18_08 (Important)	2020-12-17
oval:org.opensuse.security:def:107186	P	libmarkdown2-2.2.4-1.41 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61840	P	libmarkdown2-2.2.4-1.41 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:116744	P	libmarkdown2-2.2.4-1.41 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:71581	P	libmarkdown2-2.2.4-1.41 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:100520	P	libmarkdown2-2.2.4-1.41 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:73178	P	libmarkdown2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49192	P	libmarkdown2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66395	P	ghostscript on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73060	P	cron on GA media (Moderate)	2020-12-01
oval:com.ubuntu.bionic:def:2018124950000000	V	CVE-2018-12495 on Ubuntu 18.04 LTS (bionic) - low.	2018-06-15
oval:com.ubuntu.artful:def:201812495000	V	CVE-2018-12495 on Ubuntu 17.10 (artful) - low.	2018-06-15
oval:com.ubuntu.xenial:def:201812495000	V	CVE-2018-12495 on Ubuntu 16.04 LTS (xenial) - low.	2018-06-15
oval:com.ubuntu.xenial:def:2018124950000000	V	CVE-2018-12495 on Ubuntu 16.04 LTS (xenial) - low.	2018-06-15
oval:com.ubuntu.bionic:def:201812495000	V	CVE-2018-12495 on Ubuntu 18.04 LTS (bionic) - low.	2018-06-15
oval:com.ubuntu.disco:def:2018124950000000	V	CVE-2018-12495 on Ubuntu 19.04 (disco) - low.	2018-06-15
oval:com.ubuntu.cosmic:def:201812495000	V	CVE-2018-12495 on Ubuntu 18.10 (cosmic) - low.	2018-06-15
oval:com.ubuntu.cosmic:def:2018124950000000	V	CVE-2018-12495 on Ubuntu 18.10 (cosmic) - low.	2018-06-15
oval:com.ubuntu.trusty:def:201812495000	V	CVE-2018-12495 on Ubuntu 14.04 LTS (trusty) - low.	2018-06-15

BACK