1725710 – (CVE-2018-18837) CVE-2018-18837 netdata: HTTP Header injection in web_client_api_request_v1_data in web/api/web_api_v1.c

Bug 1725710 (CVE-2018-18837) - CVE-2018-18837 netdata: HTTP Header injection in web_client_api_request_v1_data in web/api/web_api_v1.c

Summary: CVE-2018-18837 netdata: HTTP Header injection in web_client_api_request_v1_da...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2018-18837
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Duplicates (3):	CVE-2018-18836 1725749 1725751 (view as bug list)
Depends On:	1725749 1725751
Blocks:	CVE-2018-18836, CVE-2018-18836
TreeView+	depends on / blocked

Reported:	2019-07-01 09:47 UTC by Dhananjay Arunesh
Modified:	2019-09-29 15:15 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2019-07-01 17:02:48 UTC
Embargoed:

Attachments	(Terms of Use)

Description Dhananjay Arunesh 2019-07-01 09:47:38 UTC

An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c.

Reference:
https://github.com/netdata/netdata/blob/798c141c49ee85bddc8f48f25d2cb593ec96da07/web/api/web_api_v1.c#L367-L370
https://github.com/netdata/netdata/pull/4521
https://www.red4sec.com/cve/netdata_header_injection.txt

Upstream commit:
https://github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97ca

Comment 1 Dhananjay Arunesh 2019-07-01 12:08:19 UTC

Created netdata tracking bugs for this issue:

Affects: fedora-all [bug 1725749]

Comment 2 Dhananjay Arunesh 2019-07-01 12:08:59 UTC

Created netdata tracking bugs for this issue:

Affects: epel-all [bug 1725751]

Comment 3 Didier Fabert (tartare) 2019-07-01 17:02:48 UTC

All versions in fedora and epel (1.13 -> 1.15) are already patched by upstream (sources checked). This is a bug discovered in 2019 October and immediately patched by upstream.

Comment 4 Didier Fabert (tartare) 2019-07-01 17:05:05 UTC

*** Bug 1725749 has been marked as a duplicate of this bug. ***

Comment 5 Didier Fabert (tartare) 2019-07-01 17:05:45 UTC

*** Bug 1725751 has been marked as a duplicate of this bug. ***

Comment 6 Didier Fabert (tartare) 2019-07-01 17:06:46 UTC

*** Bug 1725747 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.