CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2018-12422

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0700%
EPSS Percentile34.60th
Published2018年6月15日
Last Modified2024年11月21日

Vulnerability Description

addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code had computed the required string length first, and then allocated a large-enough buffer on the heap.

Affected Platforms (CPE)

📦
Gnome

Evolution

<= 3.29.2

References & Advisories

🔗 https://bugzilla.gnome.org/show_bug.cgi?id=796174
🔗 https://gitlab.gnome.org/GNOME/evolution-data-server/commit/34bad6173
🔗 https://bugzilla.gnome.org/show_bug.cgi?id=796174
🔗 https://gitlab.gnome.org/GNOME/evolution-data-server/commit/34bad6173

相關漏洞威脅

CVE-2008-353310.0

Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows re...

CVE-2021-435279.8

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded D...

CVE-2020-121339.8

The Apros Evolution, ConsciusMap, and Furukawa provisioning systems through 2.8.1 allow remote code execution because of javax.fac...

CVE-2005-01029.8

Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execut...