Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2018-18584

Published: 22 October 2018

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.

From the Ubuntu Security Team

It was discovered that cabextract incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause cabextract to crash, resulting in a denial of service.

Notes

AuthorNote
alexmurray
We released clamav 0.100.2+dfsg-1ubuntu0.1X.04.2 for precise/esm
and trusty, but subsequently were notified the bundled libmspack is
not actually vulnerable in this case, as the version of libmspack
provided had increased the CAB_BLOCKMAX macro to 65535, meaning that
CAB_INPUTMAX is now 71679, which is impossible to encode in the
16-bit cfdata_CompressedSize field of a single block.

Priority

Medium

Cvss 3 Severity Score

6.5

Score breakdown

Status

Package Release Status
cabextract
Launchpad, Ubuntu, Debian
hirsute Not vulnerable
(uses system libmspack)
bionic Not vulnerable
(uses system libmspack)
cosmic Not vulnerable
(uses system libmspack)
disco Not vulnerable
(uses system libmspack)
eoan Not vulnerable
(uses system libmspack)
focal Not vulnerable
(uses system libmspack)
groovy Not vulnerable
(uses system libmspack)
impish Not vulnerable
(uses system libmspack)
jammy Not vulnerable
(uses system libmspack)
upstream
Released (1.4-5)
xenial Not vulnerable
(uses system libmspack)
trusty
Released (1.4-4ubuntu0.1~esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
clamav
Launchpad, Ubuntu, Debian
hirsute Not vulnerable
(uses system libmspack)
bionic Not vulnerable
(uses system libmspack)
cosmic Not vulnerable
(uses system libmspack)
disco Not vulnerable
(uses system libmspack)
eoan Not vulnerable
(uses system libmspack)
focal Not vulnerable
(uses system libmspack)
groovy Not vulnerable
(uses system libmspack)
impish Not vulnerable
(uses system libmspack)
jammy Not vulnerable
(uses system libmspack)
trusty
Released (0.100.2+dfsg-1ubuntu0.14.04.2)
upstream Needs triage

xenial Not vulnerable
(uses system libmspack)
libmspack
Launchpad, Ubuntu, Debian
hirsute Not vulnerable
(0.9.1-1)
bionic
Released (0.6-3ubuntu0.2)
cosmic
Released (0.7-1ubuntu0.1)
disco Not vulnerable
(0.9.1-1)
eoan Not vulnerable
(0.9.1-1)
focal Not vulnerable
(0.9.1-1)
groovy Not vulnerable
(0.9.1-1)
impish Not vulnerable
(0.9.1-1)
jammy Not vulnerable
(0.9.1-1)
upstream Needs triage

xenial
Released (0.5-1ubuntu0.16.04.3)
trusty
Released (0.4-1ubuntu0.1~esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
Patches:
upstream: https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2

Severity score breakdown

Parameter Value
Base score 6.5
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H