Candidate: CVE-2018-15173
PublicDate: 2018-08-08 00:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15173
 http://code610.blogspot.com/2018/07/crashing-nmap-760.html
 http://code610.blogspot.com/2018/07/crashing-nmap-770.html
 https://seclists.org/nmap-announce/2019/0
Description:
 Nmap through 7.70, when the -sV option is used, allows remote attackers to
 cause a denial of service (stack consumption and application crash) via a
 crafted TCP-based service.
Ubuntu-Description:
Notes:
 sbeattie| additional commits may be needed to be pulled from GH#1196
Bugs:
 https://github.com/nmap/nmap/issues/1147
 https://github.com/nmap/nmap/issues/1108
 https://github.com/nmap/nmap/issues/1196
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_nmap:
 upstream: https://github.com/nmap/nmap/commit/6d8bb6df229f7acf768bcebfe14cdc8c3dbbe92b
upstream_nmap: released (7.80)
precise/esm_nmap: ignored (end of ESM support, was needs-triage)
trusty_nmap: ignored (reached end-of-life)
trusty/esm_nmap: needs-triage
xenial_nmap: ignored (end of standard support, was needs-triage)
esm-infra/xenial_nmap: needs-triage
bionic_nmap: needed
cosmic_nmap: ignored (reached end-of-life)
disco_nmap: ignored (reached end-of-life)
eoan_nmap: ignored (reached end-of-life)
focal_nmap: not-affected (7.80+dfsg1-2build1)
groovy_nmap: not-affected (7.80+dfsg1-2build1)
hirsute_nmap: not-affected (7.80+dfsg1-2build1)
impish_nmap: not-affected (7.80+dfsg1-2build1)
jammy_nmap: not-affected (7.80+dfsg1-2build1)
devel_nmap: not-affected (7.80+dfsg1-2build1)