cvelistv5 - cve-2018-16842

CVE-2018-16842 (GCVE-0-2018-16842)

Vulnerability from cvelistv5

Published

2018-10-31 19:00

Modified

2026-04-15 20:56

Severity ?

4.4 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

CWE

CWE-125

Summary

Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.

References

URL

Tags

	https://security.gentoo.org/glsa/201903-03	vendor-advisory, x_refsource_GENTOO
	https://www.debian.org/security/2018/dsa-4331	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html	mailing-list, x_refsource_MLIST
	https://curl.haxx.se/docs/CVE-2018-16842.html	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1042014	vdb-entry, x_refsource_SECTRACK
	https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211	x_refsource_CONFIRM
	https://usn.ubuntu.com/3805-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3805-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2019:2181	vendor-advisory, x_refsource_REDHAT
	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	The Curl Project	curl:	Version: from 7.14.1 to 7.61.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:32:54.082Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201903-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201903-03"
          },
          {
            "name": "DSA-4331",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4331"
          },
          {
            "name": "[debian-lts-announce] 20181106 [SECURITY] [DLA 1568-1] curl security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://curl.haxx.se/docs/CVE-2018-16842.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842"
          },
          {
            "name": "1042014",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1042014"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211"
          },
          {
            "name": "USN-3805-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3805-2/"
          },
          {
            "name": "USN-3805-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3805-1/"
          },
          {
            "name": "RHSA-2019:2181",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2181"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-16842",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-15T20:56:25.748850Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-15T20:56:32.322Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "curl:",
          "vendor": "The Curl Project",
          "versions": [
            {
              "status": "affected",
              "version": "from 7.14.1 to 7.61.1"
            }
          ]
        }
      ],
      "datePublic": "2018-10-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-16T17:40:48.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "GLSA-201903-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201903-03"
        },
        {
          "name": "DSA-4331",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4331"
        },
        {
          "name": "[debian-lts-announce] 20181106 [SECURITY] [DLA 1568-1] curl security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://curl.haxx.se/docs/CVE-2018-16842.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842"
        },
        {
          "name": "1042014",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1042014"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211"
        },
        {
          "name": "USN-3805-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3805-2/"
        },
        {
          "name": "USN-3805-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3805-1/"
        },
        {
          "name": "RHSA-2019:2181",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2181"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2018-16842",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "curl:",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "from 7.14.1 to 7.61.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The Curl Project"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "4.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201903-03",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201903-03"
            },
            {
              "name": "DSA-4331",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4331"
            },
            {
              "name": "[debian-lts-announce] 20181106 [SECURITY] [DLA 1568-1] curl security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html"
            },
            {
              "name": "https://curl.haxx.se/docs/CVE-2018-16842.html",
              "refsource": "MISC",
              "url": "https://curl.haxx.se/docs/CVE-2018-16842.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842"
            },
            {
              "name": "1042014",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1042014"
            },
            {
              "name": "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211",
              "refsource": "CONFIRM",
              "url": "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211"
            },
            {
              "name": "USN-3805-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3805-2/"
            },
            {
              "name": "USN-3805-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3805-1/"
            },
            {
              "name": "RHSA-2019:2181",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2181"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-16842",
    "datePublished": "2018-10-31T19:00:00.000Z",
    "dateReserved": "2018-09-11T00:00:00.000Z",
    "dateUpdated": "2026-04-15T20:56:32.322Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.gentoo.org/glsa/201903-03\", \"name\": \"GLSA-201903-03\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4331\", \"name\": \"DSA-4331\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html\", \"name\": \"[debian-lts-announce] 20181106 [SECURITY] [DLA 1568-1] curl security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://curl.haxx.se/docs/CVE-2018-16842.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id/1042014\", \"name\": \"1042014\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://usn.ubuntu.com/3805-2/\", \"name\": \"USN-3805-2\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"https://usn.ubuntu.com/3805-1/\", \"name\": \"USN-3805-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2181\", \"name\": \"RHSA-2019:2181\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T10:32:54.082Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2018-16842\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-15T20:56:25.748850Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-15T20:56:29.551Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_0\": {\"scope\": \"UNCHANGED\", \"version\": \"3.0\", \"baseScore\": 4.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"The Curl Project\", \"product\": \"curl:\", \"versions\": [{\"status\": \"affected\", \"version\": \"from 7.14.1 to 7.61.1\"}]}], \"datePublic\": \"2018-10-31T00:00:00.000Z\", \"references\": [{\"url\": \"https://security.gentoo.org/glsa/201903-03\", \"name\": \"GLSA-201903-03\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4331\", \"name\": \"DSA-4331\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html\", \"name\": \"[debian-lts-announce] 20181106 [SECURITY] [DLA 1568-1] curl security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://curl.haxx.se/docs/CVE-2018-16842.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.securitytracker.com/id/1042014\", \"name\": \"1042014\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://usn.ubuntu.com/3805-2/\", \"name\": \"USN-3805-2\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"https://usn.ubuntu.com/3805-1/\", \"name\": \"USN-3805-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2181\", \"name\": \"RHSA-2019:2181\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2019-10-16T17:40:48.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": [[{\"version\": \"3.0\", \"vectorString\": \"4.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L\"}]]}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"from 7.14.1 to 7.61.1\"}]}, \"product_name\": \"curl:\"}]}, \"vendor_name\": \"The Curl Project\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://security.gentoo.org/glsa/201903-03\", \"name\": \"GLSA-201903-03\", \"refsource\": \"GENTOO\"}, {\"url\": \"https://www.debian.org/security/2018/dsa-4331\", \"name\": \"DSA-4331\", \"refsource\": \"DEBIAN\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html\", \"name\": \"[debian-lts-announce] 20181106 [SECURITY] [DLA 1568-1] curl security update\", \"refsource\": \"MLIST\"}, {\"url\": \"https://curl.haxx.se/docs/CVE-2018-16842.html\", \"name\": \"https://curl.haxx.se/docs/CVE-2018-16842.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842\", \"name\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.securitytracker.com/id/1042014\", \"name\": \"1042014\", \"refsource\": \"SECTRACK\"}, {\"url\": \"https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211\", \"name\": \"https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://usn.ubuntu.com/3805-2/\", \"name\": \"USN-3805-2\", \"refsource\": \"UBUNTU\"}, {\"url\": \"https://usn.ubuntu.com/3805-1/\", \"name\": \"USN-3805-1\", \"refsource\": \"UBUNTU\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2181\", \"name\": \"RHSA-2019:2181\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\", \"name\": \"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-125\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2018-16842\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secalert@redhat.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2018-16842\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-15T20:56:32.322Z\", \"dateReserved\": \"2018-09-11T00:00:00.000Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2018-10-31T19:00:00.000Z\", \"assignerShortName\": \"redhat\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2018-AVI-589

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	N/A	IBM Cúram Social Program Management (SPM) versions 6.1.x antérieures à 6.1.1.6 iFix2
IBM	N/A	IBM Security SiteProtector System versions 3.0.0.x antérieures à 3.0.0.20
IBM	N/A	IBM Cúram Social Program Management (SPM) versions 7.x antérieures à 7.0.4.0 iFix1
IBM	N/A	VRA - Vyatta 5600
IBM	WebSphere	IBM Java SDK dans IBM WebSphere Application Server versions 1.0.0.0 à 1.0.0.7 et 2.2.0.0 à 2.2.6.0
IBM	N/A	IBM Cúram Social Program Management (SPM) versions 6.2.x antérieures à 6.2.0.6 iFix2
IBM	QRadar	IBM QRadar Network Security versions 5.5.x antérieures à 5.5.0.1
IBM	N/A	IBM DataPower Gateway versions 7.6.x antérieures à 7.6.0.3
IBM	N/A	IBM Social Program Management Design System versions antérieures à 1.4.0
IBM	N/A	IBM Cúram Social Program Management (SPM) versions 6.0.5.x antérieures à 6.0.5.10 iFix4
IBM	N/A	IBM DataPower Gateway versions 7.1.x antérieures à 7.1.0.20
IBM	N/A	IBM DataPower Gateway versions 7.5.2.x antérieures à 7.2.10
IBM	N/A	IBM Cúram Social Program Management (SPM) versions 7.0.x antérieures à 7.0.1.3
IBM	N/A	IBM Lotus Protector for Mail Security version 2.8.1.0
IBM	N/A	IBM DataPower Gateway versions 7.2.x antérieures à 7.2.0.17
IBM	QRadar	IBM QRadar Network Security versions 5.4.x antérieures à 5.4.0.6
IBM	N/A	IBM DataPower Gateway versions 7.5.1.x antérieures à 7.1.10
IBM	N/A	IBM Security SiteProtector System versions 3.1.1.x antérieures à 3.1.1.17
IBM	N/A	IBM DataPower Gateway versions 7.5.0.x antérieures à 7.5.0.11
IBM	WebSphere	WebSphere Application Server versions antérieures à 9.0.0.10
IBM	N/A	IBM Voice Gateway versions antérieures à 1.0.0.7a
IBM	N/A	IBM Lotus Protector for Mail Security version 2.8.3.0

References

Title

Publication Time

Tags

Bulletin de sécurité IBM ibm10732880 du 07 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10739019 du 05 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10744291 du 05 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10744157 du 07 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10739035 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10744557 du 07 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10739985 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10740799 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10743847 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10736137 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10742369 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10739027 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10744247 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10744553 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10740789 du 07 décembre 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM C\u00faram Social Program Management (SPM) versions 6.1.x ant\u00e9rieures \u00e0 6.1.1.6 iFix2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Security SiteProtector System versions 3.0.0.x ant\u00e9rieures \u00e0 3.0.0.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM C\u00faram Social Program Management (SPM) versions 7.x ant\u00e9rieures \u00e0 7.0.4.0 iFix1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "VRA - Vyatta 5600",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Java SDK dans IBM WebSphere Application Server versions 1.0.0.0 \u00e0 1.0.0.7 et 2.2.0.0 \u00e0 2.2.6.0",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM C\u00faram Social Program Management (SPM) versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.6 iFix2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar Network Security versions 5.5.x ant\u00e9rieures \u00e0 5.5.0.1",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM DataPower Gateway versions 7.6.x ant\u00e9rieures \u00e0 7.6.0.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Social Program Management Design System versions ant\u00e9rieures \u00e0 1.4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM C\u00faram Social Program Management (SPM) versions 6.0.5.x ant\u00e9rieures \u00e0 6.0.5.10 iFix4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM DataPower Gateway versions 7.1.x ant\u00e9rieures \u00e0 7.1.0.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM DataPower Gateway versions 7.5.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM C\u00faram Social Program Management (SPM) versions 7.0.x ant\u00e9rieures \u00e0 7.0.1.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Lotus Protector for Mail Security version 2.8.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM DataPower Gateway versions 7.2.x ant\u00e9rieures \u00e0 7.2.0.17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar Network Security versions 5.4.x ant\u00e9rieures \u00e0 5.4.0.6",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM DataPower Gateway versions 7.5.1.x ant\u00e9rieures \u00e0 7.1.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Security SiteProtector System versions 3.1.1.x ant\u00e9rieures \u00e0 3.1.1.17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM DataPower Gateway versions 7.5.0.x ant\u00e9rieures \u00e0 7.5.0.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server versions ant\u00e9rieures \u00e0 9.0.0.10",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Voice Gateway versions ant\u00e9rieures \u00e0 1.0.0.7a",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Lotus Protector for Mail Security version 2.8.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-16058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16058"
    },
    {
      "name": "CVE-2018-10873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10873"
    },
    {
      "name": "CVE-2018-3721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3721"
    },
    {
      "name": "CVE-2018-16396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16396"
    },
    {
      "name": "CVE-2018-0737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
    },
    {
      "name": "CVE-2018-10933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10933"
    },
    {
      "name": "CVE-2018-16658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16658"
    },
    {
      "name": "CVE-2018-0739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
    },
    {
      "name": "CVE-2018-10902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10902"
    },
    {
      "name": "CVE-2018-15594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15594"
    },
    {
      "name": "CVE-2018-16151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16151"
    },
    {
      "name": "CVE-2018-8039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8039"
    },
    {
      "name": "CVE-2018-1656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1656"
    },
    {
      "name": "CVE-2018-1671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1671"
    },
    {
      "name": "CVE-2018-2973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2973"
    },
    {
      "name": "CVE-2018-6554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6554"
    },
    {
      "name": "CVE-2018-1652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1652"
    },
    {
      "name": "CVE-2018-16842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16842"
    },
    {
      "name": "CVE-2018-17182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17182"
    },
    {
      "name": "CVE-2018-2964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2964"
    },
    {
      "name": "CVE-2018-3139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3139"
    },
    {
      "name": "CVE-2018-15572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15572"
    },
    {
      "name": "CVE-2018-14609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14609"
    },
    {
      "name": "CVE-2018-3620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3620"
    },
    {
      "name": "CVE-2018-14618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14618"
    },
    {
      "name": "CVE-2018-16395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16395"
    },
    {
      "name": "CVE-2017-3732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3732"
    },
    {
      "name": "CVE-2017-3736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3736"
    },
    {
      "name": "CVE-2018-16056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16056"
    },
    {
      "name": "CVE-2018-3180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3180"
    },
    {
      "name": "CVE-2018-1900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1900"
    },
    {
      "name": "CVE-2018-14617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14617"
    },
    {
      "name": "CVE-2017-3735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
    },
    {
      "name": "CVE-2018-16839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16839"
    },
    {
      "name": "CVE-2018-14633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14633"
    },
    {
      "name": "CVE-2018-14678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14678"
    },
    {
      "name": "CVE-2018-13099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13099"
    },
    {
      "name": "CVE-2018-0732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
    },
    {
      "name": "CVE-2018-9516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9516"
    },
    {
      "name": "CVE-2018-9363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9363"
    },
    {
      "name": "CVE-2018-16152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16152"
    },
    {
      "name": "CVE-2018-10938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10938"
    },
    {
      "name": "CVE-2018-14734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14734"
    },
    {
      "name": "CVE-2016-0705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0705"
    },
    {
      "name": "CVE-2018-1957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1957"
    },
    {
      "name": "CVE-2018-1654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1654"
    },
    {
      "name": "CVE-2018-0495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0495"
    },
    {
      "name": "CVE-2018-18065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18065"
    },
    {
      "name": "CVE-2018-8013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8013"
    },
    {
      "name": "CVE-2018-12539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12539"
    },
    {
      "name": "CVE-2018-16276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16276"
    }
  ],
  "initial_release_date": "2018-12-10T00:00:00",
  "last_revision_date": "2018-12-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-589",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-12-10T00:00:00.000000"
    },
    {
      "description": "Ajout de deux bulletins de s\u00e9curit\u00e9 IBM Lotus Protector",
      "revision_date": "2018-12-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10732880 du 07 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10732880"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739019 du 05 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739019"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744291 du 05 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744291"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744157 du 07 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744157"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739035 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739035"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744557 du 07 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744557"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739985 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739985"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10740799 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10740799"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10743847 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10743847"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10736137 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10736137"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10742369 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10742369"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739027 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739027"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744247 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744247"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744553 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744553"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10740789 du 07 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10740789"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-16842 (GCVE-0-2018-16842)

Vulnerability from cvelistv5

CERTFR-2018-AVI-589

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature