{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-08-25T00:00:00", "descriptions": [{"lang": "en", "value": "An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-06T16:06:20", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-201810-05", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201810-05"}, {"name": "USN-3786-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3786-1/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/xkbcommon/libxkbcommon/commit/c1e5ac16e77a21f87bdf3bc4dea61b037a17dddb"}, {"name": "USN-3786-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3786-2/"}, {"tags": ["x_refsource_MISC"], "url": "https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html"}, {"name": "RHSA-2019:2079", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2079"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-15857", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-201810-05", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201810-05"}, {"name": "USN-3786-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3786-1/"}, {"name": "https://github.com/xkbcommon/libxkbcommon/commit/c1e5ac16e77a21f87bdf3bc4dea61b037a17dddb", "refsource": "MISC", "url": "https://github.com/xkbcommon/libxkbcommon/commit/c1e5ac16e77a21f87bdf3bc4dea61b037a17dddb"}, {"name": "USN-3786-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3786-2/"}, {"name": "https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html", "refsource": "MISC", "url": "https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html"}, {"name": "RHSA-2019:2079", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2079"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T10:10:04.755Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-201810-05", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201810-05"}, {"name": "USN-3786-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3786-1/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/xkbcommon/libxkbcommon/commit/c1e5ac16e77a21f87bdf3bc4dea61b037a17dddb"}, {"name": "USN-3786-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3786-2/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html"}, {"name": "RHSA-2019:2079", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2079"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-15857", "datePublished": "2018-08-25T21:00:00", "dateReserved": "2018-08-24T00:00:00", "dateUpdated": "2024-08-05T10:10:04.755Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xkbcommon:libxkbcommon:*:*:*:*:*:*:*:*", "matchCriteriaId": "33CC7ED5-C297-470D-B26A-25D0EB694460", "versionEndExcluding": "0.8.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:xkbcommon:xkbcommon:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7D955F4-3540-42A7-8551-EA1A266DDEA6", "versionEndExcluding": "0.8.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file."}, {"lang": "es", "value": "Una liberaci\u00f3n no v\u00e1lida en ExprAppendMultiKeysymList en xkbcomp/ast-build.c en xkbcommon, en versiones anteriores a la 0.8.1, podr\u00eda ser empleada por atacantes locales para provocar el cierre inesperado de los analizadores keymap de xkbcommon o, posiblemente, lograr otro tipo de impacto sin especificar proporcionando un archivo keymap manipulado."}], "id": "CVE-2018-15857", "lastModified": "2019-08-06T17:15:25.383", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-25T21:29:01.953", "references": [{"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:2079"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/xkbcommon/libxkbcommon/commit/c1e5ac16e77a21f87bdf3bc4dea61b037a17dddb"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201810-05"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3786-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3786-2/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2019:2079", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "gdm-1:3.28.2-16.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-08-06T00:00:00Z"}, {"advisory": "RHSA-2019:2079", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libX11-0:1.6.7-2.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-08-06T00:00:00Z"}, {"advisory": "RHSA-2019:2079", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libxkbcommon-0:0.7.1-3.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-08-06T00:00:00Z"}, {"advisory": "RHSA-2019:2079", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "mesa-libGLw-0:8.0.0-5.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-08-06T00:00:00Z"}, {"advisory": "RHSA-2019:2079", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "xorg-x11-drv-ati-0:19.0.1-2.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-08-06T00:00:00Z"}, {"advisory": "RHSA-2019:2079", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "xorg-x11-drv-vesa-0:2.4.0-3.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-08-06T00:00:00Z"}, {"advisory": "RHSA-2019:2079", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "xorg-x11-drv-wacom-0:0.36.1-3.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-08-06T00:00:00Z"}, {"advisory": "RHSA-2019:2079", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "xorg-x11-server-0:1.20.4-7.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-08-06T00:00:00Z"}], "bugzilla": {"description": "libxkbcommon: Invalid free in ExprAppendMultiKeysymList resulting in a crash", "id": "1623022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1623022"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "status": "verified"}, "cwe": "CWE-416", "details": ["An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file."], "name": "CVE-2018-15857", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libxkbcommon", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2018-07-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-15857\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15857"], "threat_severity": "Moderate", "upstream_fix": "libxkbcommon 0.8.1"}