CVE-2018-17937 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
icscert	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 88%

Vendor	Product	Version
gpsd_project	gpsd	2.90 ≤ 𝑥 ≤ 3.17
microjson_project	microjson	1.0 ≤ 𝑥 ≤ 1.3
debian	debian_linux	8.0
debian	debian_linux	9.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

gpsd

bullseye	3.22-4 fixed
bookworm	3.22-4.1 fixed
sid	3.25-4 fixed
trixie	3.25-4 fixed

Ubuntu Releases

Ubuntu Product

Codename

gpsd

noble	not-affected
mantic	not-affected
lunar	not-affected
kinetic	not-affected
jammy	not-affected
impish	not-affected
hirsute	not-affected
groovy	not-affected
focal	not-affected
eoan	not-affected
disco	ignored
cosmic	ignored
bionic	needed
xenial	needed
trusty	dne

Common Weakness Enumeration

CWE-121 - Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

http://www.securityfocus.com/bid/107029

https://ics-cert.us-cert.gov/advisories/ICSA-18-310-01

https://lists.debian.org/debian-lts-announce/2019/03/msg00040.html

https://lists.debian.org/debian-lts-announce/2021/10/msg00024.html

https://security.gentoo.org/glsa/202009-17

http://www.securityfocus.com/bid/107029

https://ics-cert.us-cert.gov/advisories/ICSA-18-310-01

https://lists.debian.org/debian-lts-announce/2019/03/msg00040.html

https://lists.debian.org/debian-lts-announce/2021/10/msg00024.html

https://security.gentoo.org/glsa/202009-17