CVE-2018-20450

{"id": "CVE-2018-20450", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2018-12-25T17:29:00.250", "references": [{"url": "https://github.com/evanmiller/libxls/issues/34", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.gentoo.org/glsa/202003-64", "source": "cve@mitre.org"}, {"url": "https://github.com/evanmiller/libxls/issues/34", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/202003-64", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-415"}]}], "descriptions": [{"lang": "en", "value": "The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2017-2897."}, {"lang": "es", "value": "La funci\u00f3n read_MSAT en ole.c en libxls, hasta la versi\u00f3n 1.4.0, tiene una doble liberaci\u00f3n (double free) que permite que los atacantes provoquen una denegaci\u00f3n de servicio (cierre inesperado de la aplicaci\u00f3n) mediante un archivo manipulado. Esta vulnerabilidad es diferente de CVE-2017-2897."}], "lastModified": "2024-11-21T04:01:30.463", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:libxls_project:libxls:1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "478735AA-A37F-46A0-86A9-DA9F84AF9EAC"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}