VDB
CVE-2018-1000097
CVE-2018-1000097
PUBLISHED
Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file..
EPSS 3.60% · 88.0th percentile
Risk Scores
EPSS Score
3.60%
88.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | sharutils | 0, * |
| Ubuntu:14.04:LTS | sharutils | 1:4.11.1-1ubuntu2, 1:4.14-1ubuntu1, 0 |
Exploit Intelligence
- USN-3605-1 (circl)
- DSA-4167 (circl)
- 20180221 Sharutils 4.15.2 Heap-Buffer-Overflow (circl)
Timeline
- Mar 12, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
- May 13, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-1000097 third-party-advisory
- http://seclists.org/bugtraq/2018/Feb/54 third-party-advisory
- https://ubuntu.com/security/notices/USN-3605-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-1000097 third-party-advisory