CVE-2018-0644 - OpenCVE

Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u5jma1 and earlier allows authenticated attackers to cause denial-of-service (DoS) condition via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux

Configuration 1 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

No data.

References

Link	Providers
http://jvn.jp/en/jp/JVN37376131/index.html
https://www.orca.med.or.jp/news/vulnerability_2018-07-18-1.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2018-09-07T14:00:00

Updated: 2024-08-05T03:35:48.802Z

Reserved: 2017-11-27T00:00:00

Link: CVE-2018-0644

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-09-07T14:29:01.087

Modified: 2018-11-16T15:34:59.587

Link: CVE-2018-0644

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Ubuntu14.04 ORCA(Online Receipt Computer Advantage)4.8.0(panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA(Online Receipt Computer Advantage)5.0.0(panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA(Online Receipt Computer Advantage)5.0.0(panda-client2) 1:2.0.0+p48-u5jma1 and earlier", "vendor": "ORCA Management Organization Co., Ltd.", "versions": [{"status": "affected", "version": "unspecified"}]}], "datePublic": "2018-07-18T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u5jma1 and earlier allows authenticated attackers to cause denial-of-service (DoS) condition via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "Buffer Overflow", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-07T13:57:01", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"name": "JVN#37376131", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/en/jp/JVN37376131/index.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.orca.med.or.jp/news/vulnerability_2018-07-18-1.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2018-0644", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Ubuntu14.04 ORCA(Online Receipt Computer Advantage)4.8.0(panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA(Online Receipt Computer Advantage)5.0.0(panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA(Online Receipt Computer Advantage)5.0.0(panda-client2) 1:2.0.0+p48-u5jma1 and earlier", "version": {"version_data": [{"version_value": ""}]}}]}, "vendor_name": "ORCA Management Organization Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u5jma1 and earlier allows authenticated attackers to cause denial-of-service (DoS) condition via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "JVN#37376131", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN37376131/index.html"}, {"name": "https://www.orca.med.or.jp/news/vulnerability_2018-07-18-1.html", "refsource": "CONFIRM", "url": "https://www.orca.med.or.jp/news/vulnerability_2018-07-18-1.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:35:48.802Z"}, "title": "CVE Program Container", "references": [{"name": "JVN#37376131", "tags": ["third-party-advisory", "x_refsource_JVN", "x_transferred"], "url": "http://jvn.jp/en/jp/JVN37376131/index.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.orca.med.or.jp/news/vulnerability_2018-07-18-1.html"}]}]}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2018-0644", "datePublished": "2018-09-07T14:00:00", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2024-08-05T03:35:48.802Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u5jma1 and earlier allows authenticated attackers to cause denial-of-service (DoS) condition via unspecified vectors."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-client2) 1:1.4.9+p41-u4jma1 y anteriores, Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u4jma1 y anteriores y Ubuntu16.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u5jma1 y anteriores permite que atacantes autenticados provoquen una condici\u00f3n de denegaci\u00f3n de servicio (DoS) mediante vectores sin especificar."}], "id": "CVE-2018-0644", "lastModified": "2018-11-16T15:34:59.587", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-07T14:29:01.087", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "http://jvn.jp/en/jp/JVN37376131/index.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.orca.med.or.jp/news/vulnerability_2018-07-18-1.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}