CVE-2018-17336

Priority
Description
UDisks 2.8.0 has a format string vulnerability in udisks_log in
udiskslogging.c, allowing attackers to obtain sensitive information (stack
contents), cause a denial of service (memory corruption), or possibly have
unspecified other impact via a malformed filesystem label, as demonstrated
by %d or %n substrings.
Assigned-to
mdeslaur
Notes
mdeslaurintroduced by ad2ce6714e911be58011dd6b838ec0f6fd0f950f in
udisks 2.6.4
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):released (2.7.6-3ubuntu0.2)
Patches:
Upstream:https://github.com/storaged-project/udisks/commit/e369a9b4b08e9373c814c05328b366c938284eb5
More Information

Updated: 2020-07-28 20:04:22 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)