CVE-2019-17358

Published: Dec 12, 2019Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module.

Affected (3)

Products: Cacti: Cacti · Debian: Debian Linux · Opensuse: Leap

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cacti Cacti	Up to 1.2.7

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 42.3

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (28)

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html

Source: cve@mitre.org

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2019-17358

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://github.com/Cacti/cacti/blob/79f29cddb5eb05cbaff486cd634285ef1fed9326/lib/functions.php#L3109

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/Cacti/cacti/commit/adf221344359f5b02b8aed43dfb6b33ae5d708c8

Source: cve@mitre.org

ProductThird Party Advisory

https://github.com/Cacti/cacti/issues/3026

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/12/msg00014.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17358.html

Source: cve@mitre.org

Third Party Advisory

https://seclists.org/bugtraq/2020/Jan/25

Source: cve@mitre.org

https://security.gentoo.org/glsa/202003-40

Source: cve@mitre.org

https://www.darkmatter.ae/xen1thlabs/

Source: cve@mitre.org

Not Applicable

https://www.debian.org/security/2020/dsa-4604

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2019-17358

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://github.com/Cacti/cacti/blob/79f29cddb5eb05cbaff486cd634285ef1fed9326/lib/functions.php#L3109

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://github.com/Cacti/cacti/commit/adf221344359f5b02b8aed43dfb6b33ae5d708c8

Source: af854a3a-2127-422b-91ae-364da2661108

ProductThird Party Advisory

https://github.com/Cacti/cacti/issues/3026

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/12/msg00014.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17358.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://seclists.org/bugtraq/2020/Jan/25

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/202003-40

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.darkmatter.ae/xen1thlabs/

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

https://www.debian.org/security/2020/dsa-4604

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.