{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-02-23T00:00:00", "descriptions": [{"lang": "en", "value": "print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-31T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://savannah.gnu.org/bugs/?52265"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz"}, {"name": "103200", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103200"}, {"name": "RHSA-2018:3246", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:3246"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18198", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://savannah.gnu.org/bugs/?52265", "refsource": "CONFIRM", "url": "https://savannah.gnu.org/bugs/?52265"}, {"name": "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz", "refsource": "CONFIRM", "url": "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz"}, {"name": "103200", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103200"}, {"name": "RHSA-2018:3246", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3246"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T21:13:49.056Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://savannah.gnu.org/bugs/?52265"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz"}, {"name": "103200", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/103200"}, {"name": "RHSA-2018:3246", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:3246"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18198", "datePublished": "2018-02-24T06:00:00", "dateReserved": "2018-02-23T00:00:00", "dateUpdated": "2024-08-05T21:13:49.056Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:libcdio:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C6D0E1F-FEE1-40C2-B372-A023B6CE9311", "versionEndExcluding": "1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file."}, {"lang": "es", "value": "print_iso9660_recurse en iso-info.c en GNU libcdio, en versiones anteriores a la 1.0.0, permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (sobrelectura de b\u00fafer basada en memoria din\u00e1mica o heap) o, probablemente, provocar cualquier otro tipo de problema mediante un archivo iso modificado."}], "id": "CVE-2017-18198", "lastModified": "2024-11-21T03:19:32.567", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-24T06:29:00.240", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103200"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2018:3246"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://savannah.gnu.org/bugs/?52265"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103200"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2018:3246"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://savannah.gnu.org/bugs/?52265"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2018:3246", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libcdio-0:0.92-3.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2018-10-30T00:00:00Z"}], "bugzilla": {"description": "libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c", "id": "1549644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549644"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.9", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "status": "verified"}, "cwe": "CWE-125", "details": ["print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file.", "A heap corruption bug was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files, thus resulting in local DoS."], "name": "CVE-2017-18198", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "libcdio", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libcdio", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2018-02-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-18198\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18198"], "threat_severity": "Low", "upstream_fix": "libcdio 1.0.0"}