Candidate: CVE-2018-14447
PublicDate: 2018-07-20 13:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14447
 http://hac425.unaux.com/index.php/archives/64/
 https://github.com/martinh/libconfuse/issues/109
Description:
 trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds read.
Ubuntu-Description:
 It was discovered that confuse performs an out-of-bounds read operation.
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_confuse:
 upstream: https://github.com/martinh/libconfuse/commit/4337f34dc378f4e3a77b44ec0782bd9852ebcd8e
upstream_confuse: released (2.7-5+deb8u1, 3.2.1+dfsg-5, 3.2.2+dfgs-1)
precise/esm_confuse: DNE
trusty_confuse: released (2.7-5+deb8u1build0.14.04.1)
trusty/esm_confuse: released (2.7-5+deb8u1build0.14.04.1)

xenial_confuse: released (2.7-5+deb8u1build0.16.04.1)
bionic_confuse: released (3.2.1+dfsg-4ubuntu0.1)
cosmic_confuse: not-affected (3.2.2+dfsg-1)
devel_confuse: not-affected (3.2.2+dfsg-1)