Vulnerability CVE-2018-13796


Published: 2018-07-12

Description:
An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.

Type:

CWE-20

(Improper Input Validation)

Vendor: GNU
Product: Mailman 
Version:
2.1.9
2.1.8
2.1.7
2.1.6
2.1.5.8
2.1.5
2.1.4
2.1.3
2.1.27
2.1.26
2.1.25
2.1.24
2.1.23
2.1.22
2.1.21
2.1.20
2.1.2
2.1.19
2.1.18-1
2.1.18
2.1.17
2.1.16
2.1.15
2.1.14-1
2.1.14
2.1.13
2.1.12
2.1.11
2.1.10b4
2.1.10b3
2.1.10b1
2.1.10
2.1.1
2.1
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.14
2.0.13
2.0.12
2.0.11
2.0.10
2.0.1
2.0
1.1
1.0

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
https://bugs.launchpad.net/mailman/+bug/1780874
https://lists.debian.org/debian-lts-announce/2018/07/msg00034.html
https://www.mail-archive.com/mailman-users@python.org/msg71003.html

Related CVE
CVE-2018-19217
In ncurses 6.1, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack.
CVE-2018-19211
In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack.
CVE-2018-18751
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.
CVE-2018-18701
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle...
CVE-2018-18700
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c....
CVE-2018-18607
An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols ...
CVE-2018-18606
An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sec...
CVE-2018-18605
A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merge...

Copyright 2018, cxsecurity.com

 

Back to Top