Candidate: CVE-2018-16743
PublicDate: 2018-09-13 16:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16743
 https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
Description:
 An issue was discovered in mgetty before 1.2.1. In
 contrib/next-login/login.c, the command-line parameter username is passed
 unsanitized to strcpy(), which can cause a stack-based buffer overflow.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_mgetty:
upstream_mgetty: needs-triage
precise/esm_mgetty: DNE
trusty_mgetty: ignored (reached end-of-life)
trusty/esm_mgetty: DNE (trusty was needs-triage)
xenial_mgetty: ignored (end of standard support, was needs-triage)
bionic_mgetty: needs-triage
cosmic_mgetty: ignored (reached end-of-life)
disco_mgetty: not-affected (1.2.1-1)
eoan_mgetty: not-affected (1.2.1-1)
focal_mgetty: not-affected (1.2.1-1)
groovy_mgetty: not-affected (1.2.1-1)
hirsute_mgetty: not-affected (1.2.1-1)
impish_mgetty: not-affected (1.2.1-1)
jammy_mgetty: not-affected (1.2.1-1)
devel_mgetty: not-affected (1.2.1-1)