{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-02-23T00:00:00", "descriptions": [{"lang": "en", "value": "realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-31T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://savannah.gnu.org/bugs/?52264"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz"}, {"name": "RHSA-2018:3246", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:3246"}, {"name": "103202", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103202"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18199", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://savannah.gnu.org/bugs/?52264", "refsource": "CONFIRM", "url": "https://savannah.gnu.org/bugs/?52264"}, {"name": "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz", "refsource": "CONFIRM", "url": "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz"}, {"name": "RHSA-2018:3246", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3246"}, {"name": "103202", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103202"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T21:13:49.153Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://savannah.gnu.org/bugs/?52264"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz"}, {"name": "RHSA-2018:3246", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:3246"}, {"name": "103202", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/103202"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18199", "datePublished": "2018-02-24T06:00:00", "dateReserved": "2018-02-23T00:00:00", "dateUpdated": "2024-08-05T21:13:49.153Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:libcdio:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C6D0E1F-FEE1-40C2-B372-A023B6CE9311", "versionEndExcluding": "1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file."}, {"lang": "es", "value": "realloc_symlink en rock.c en GNU libcdio, en versiones anteriores a la 1.0.0, permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (desreferencia de puntero NULL) mediante un archivo iso manipulado."}], "id": "CVE-2017-18199", "lastModified": "2024-11-21T03:19:32.720", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-24T06:29:00.320", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103202"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2018:3246"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://savannah.gnu.org/bugs/?52264"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103202"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2018:3246"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://savannah.gnu.org/bugs/?52264"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2018:3246", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libcdio-0:0.92-3.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2018-10-30T00:00:00Z"}], "bugzilla": {"description": "libcdio: NULL pointer dereference in realloc_symlink in rock.c", "id": "1549701", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549701"}, "csaw": false, "cvss3": {"cvss3_base_score": "2.8", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-119", "details": ["realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file.", "A NULL pointer dereference flaw was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files."], "name": "CVE-2017-18199", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "libcdio", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libcdio", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2018-02-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-18199\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18199"], "threat_severity": "Low", "upstream_fix": "libcdio 1.0.0"}