← Back

CVE-2018-10995

nvd nist
Published: May 30, 2018Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields).

Affected (17)

Schedmd
1 product
Slurm
Debian
1 product
Debian Linux
Configuration A
15 vulnerable
Vulnerable SoftwareAffected Versions
Schedmd
Slurm
Up to 17.02.10.1
Slurm
Version 17.11.0.0 pre1
Slurm
Version 17.11.0.0 pre2
Slurm
Version 17.11.0.0 rc1
Slurm
Version 17.11.0.0 rc2
Slurm
Version 17.11.0.0 rc3
Slurm
Version 17.11.0.1
Slurm
Version 17.11.1.1
Slurm
Version 17.11.1.2
Slurm
Version 17.11.2.1
Slurm
Version 17.11.3.1
Slurm
Version 17.11.3.2
Slurm
Version 17.11.4.1
Slurm
Version 17.11.5.1
Slurm
Version 17.11.6.1
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 8.0
Debian Linux
Version 9.0

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.