CVE-2018-11790 - Vulnerability Details - OpenCVE

When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Openoffice
Canonical	Ubuntu Linux

Configuration 1 [-]

cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/106803
https://lists.apache.org/thread.html/7394e6b5f78a878bd0c44e9bc9adf90b8cdf49e9adc0f287145aba9b%40%3Ccommits.openoffice.apache.org%3E
https://usn.ubuntu.com/3883-1/
https://www.openoffice.org/security/cves/CVE-2018-11790.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2019-01-31T16:00:00Z

Updated: 2024-09-16T19:30:22.439Z

Reserved: 2018-06-05T00:00:00

Link: CVE-2018-11790

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-01-31T16:29:00.247

Modified: 2024-11-21T03:44:02.690

Link: CVE-2018-11790

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Apache OpenOffice", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "Apache OpenOffice 4.1.5 and earlier"}]}], "datePublic": "2018-11-18T00:00:00", "descriptions": [{"lang": "en", "value": "When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-17T00:06:09", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.openoffice.org/security/cves/CVE-2018-11790.html"}, {"name": "USN-3883-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3883-1/"}, {"name": "106803", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106803"}, {"name": "[openoffice-commits] 20191016 svn commit: r1868522 - /openoffice/ooo-site/trunk/content/security/bulletin.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/7394e6b5f78a878bd0c44e9bc9adf90b8cdf49e9adc0f287145aba9b%40%3Ccommits.openoffice.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2018-11-18T00:00:00", "ID": "CVE-2018-11790", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache OpenOffice", "version": {"version_data": [{"version_value": "Apache OpenOffice 4.1.5 and earlier"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://www.openoffice.org/security/cves/CVE-2018-11790.html", "refsource": "CONFIRM", "url": "https://www.openoffice.org/security/cves/CVE-2018-11790.html"}, {"name": "USN-3883-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3883-1/"}, {"name": "106803", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106803"}, {"name": "[openoffice-commits] 20191016 svn commit: r1868522 - /openoffice/ooo-site/trunk/content/security/bulletin.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/7394e6b5f78a878bd0c44e9bc9adf90b8cdf49e9adc0f287145aba9b@%3Ccommits.openoffice.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T08:17:09.226Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.openoffice.org/security/cves/CVE-2018-11790.html"}, {"name": "USN-3883-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3883-1/"}, {"name": "106803", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/106803"}, {"name": "[openoffice-commits] 20191016 svn commit: r1868522 - /openoffice/ooo-site/trunk/content/security/bulletin.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/7394e6b5f78a878bd0c44e9bc9adf90b8cdf49e9adc0f287145aba9b%40%3Ccommits.openoffice.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2018-11790", "datePublished": "2019-01-31T16:00:00Z", "dateReserved": "2018-06-05T00:00:00", "dateUpdated": "2024-09-16T19:30:22.439Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC7E51D4-3B9B-4184-BFE8-ADEAF0547B9E", "versionEndIncluding": "4.1.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation."}, {"lang": "es", "value": "Al cargar un documento con Apache Open Office, en versiones 4.1.5 y anteriores, con una terminaci\u00f3n de final de l\u00ednea m\u00e1s peque\u00f1a que las que emplea el sistema operativo, ocurre este defecto. En este caso, OpenOffice sufre un desbordamiento de aritm\u00e9tica en un c\u00e1lculo de longitud de cadena."}], "id": "CVE-2018-11790", "lastModified": "2024-11-21T03:44:02.690", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-31T16:29:00.247", "references": [{"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106803"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/7394e6b5f78a878bd0c44e9bc9adf90b8cdf49e9adc0f287145aba9b%40%3Ccommits.openoffice.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3883-1/"}, {"source": "security@apache.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.openoffice.org/security/cves/CVE-2018-11790.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106803"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/7394e6b5f78a878bd0c44e9bc9adf90b8cdf49e9adc0f287145aba9b%40%3Ccommits.openoffice.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3883-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.openoffice.org/security/cves/CVE-2018-11790.html"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-682"}], "source": "nvd@nist.gov", "type": "Primary"}]}