Bug 1632834 (CVE-2018-17294)
Summary: | CVE-2018-17294 liblouis: Stack-based buffer over-read in matchCurrentInput function lou_translateString.c | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | | |
Version: | unspecified | CC: | martin.gieseking, mclasen |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | liblouis 3.7 | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2021-10-25 22:19:19 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 1632836, 1632837 | | |
Bug Blocks: | 1632835 | | |

Description
Pedro Sampaio
2018-09-25 15:58:51 UTC
Created liblouis tracking bugs for this issue:

Affects: fedora-all [bug 1632836]

Rebuilt with ASAN. No crashes, no errors. Same with Valgrind. Source has similar potentially vulnerable code, i.e. matchCurrentInput, but since this didn't trigger and is low, closing as NOTAFFECTED instead of going deeper into this.