1542817 – (CVE-2018-6758) CVE-2018-6758 uwsgi: Stack-based buffer overflow in core/utils.c:uwsgi_expand_path() can lead to crash and potential code execution

Bug 1542817 (CVE-2018-6758) - CVE-2018-6758 uwsgi: Stack-based buffer overflow in core/utils.c:uwsgi_expand_path() can lead to crash and potential code execution

Summary: CVE-2018-6758 uwsgi: Stack-based buffer overflow in core/utils.c:uwsgi_expand...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2018-6758
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1542818 1542819
Blocks:
TreeView+	depends on / blocked

Reported:	2018-02-07 04:49 UTC by Sam Fowler
Modified:	2021-02-17 00:50 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-07-09 04:22:04 UTC
Embargoed:

Attachments	(Terms of Use)

Description Sam Fowler 2018-02-07 04:49:13 UTC

The uwsgi_expand_path() function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length. A remote attacker could exploit this to cause a crash or potential arbitrary code execution.


External References:

http://lists.unbit.it/pipermail/uwsgi/2018-February/008835.html


Upstream Fix:

https://github.com/unbit/uwsgi/commit/cb4636f7c0af2e97a4eef7a3cdcbd85a71247bfe

Comment 1 Sam Fowler 2018-02-07 04:49:44 UTC

Created uwsgi tracking bugs for this issue:

Affects: epel-all [bug 1542819]
Affects: fedora-all [bug 1542818]

Note You need to log in before you can comment on or make changes to this bug.