Our selection of information systems security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Wednesday, 17 October 2018

libpg_query 10-1.0.2 pg_query_parse.c pg_query_raw_parse denial of service

A vulnerability classified as problematic was found in libpg_query 10-1.0.2. It affects the function pg_query_raw_parse in the file pg_query_parse.c. Manipulation with an unknown input leads to a denial of service through a memory leak. The weakness is classified as CWE-404. The impact is on availability. The CVE summary reads:

An issue was discovered in libpg_query 10-1.0.2. There is a memory leak in pg_query_raw_parse in pg_query_parse.c, which might lead to a denial of service.

The weakness was published on 10/18/2018. The vulnerability has been handled as CVE-2018-18482 since 10/18/2018. Technical details are known, but no exploit is available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 10/19/2018).

No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

CVSSv3

VulDB Meta Base Score: 3.5
VulDB Meta Temp Score: 3.5

VulDB Base Score: ≈3.5
VulDB Temp Score: ≈3.5

Exploiting

Class: Denial of service / Memory Leak (CWE-404)
Local: Yes
Remote: No

Availability: No

Countermeasures

Recommended: no mitigation known

Timeline

10/18/2018 Advisory disclosed
10/18/2018 CVE assigned
10/19/2018 VulDB entry created
10/19/2018 VulDB last update

Sources

CVE: CVE-2018-18482

Entry

Created: 10/19/2018
Author: VulDB

Categories: VulDB