CVE-2018-12684

Published: Jun 22, 2018Modified: Nov 21, 2024

7.1

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Exploitability: 1.8 / Impact: 5.2

Source: NVD

Description

Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file.

Affected (1)

Products: Civetweb Project: Civetweb

Civetweb Project

1 product

Civetweb

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Civetweb Project Civetweb	Up to 1.10

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://github.com/civetweb/civetweb/commit/8fd069f6dedb064339f1091069ac96f3f8bdb552

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/civetweb/civetweb/issues/633

Source: cve@mitre.org

Third Party Advisory

https://github.com/civetweb/civetweb/commit/8fd069f6dedb064339f1091069ac96f3f8bdb552

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/civetweb/civetweb/issues/633

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.