CVE-2018-17336 Information

Description

UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://access.redhat.com/errata/RHSA-2019:2178
https://github.com/storaged-project/udisks/issues/578
https://usn.ubuntu.com/3772-1/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

7.8

Base Severity

HIGH
