VDB
CVE-2018-12584
CVE-2018-12584
PUBLISHED
The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows remote attackers to cause a denial of service (buffer overflow) or possibly execute arbitrary code when TLS communication is enabled.
EPSS 25.19% · 96.3th percentile
Risk Scores
EPSS Score
25.19%
96.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | resiprocate | 0, 1:1.11.0~beta5-1 |
| Ubuntu:16.04:LTS | resiprocate | 0, 1:1.10.0-1, 1:1.10.1-1 |
Exploit Intelligence
- http://seclists.org/bugtraq/2018/Aug/14 (nist-nvd)
- https://packetstormsecurity.com/files/148856/reSIProcate-1.10.2-Heap-Overflow.html (nist-nvd)
- https://www.exploit-db.com/exploits/45174/ (nist-nvd)
- https://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608 (circl)
- [debian-lts-announce] 20180724 [SECURITY] [DLA 1439-1] resiprocate security update (circl)
- http://joachimdezutter.webredirect.org/advisory.html (circl)
- [debian-lts-announce] 20211229 [SECURITY] [DLA 2865-1] resiprocate security update (circl)
- reSIProcate 1.10.2 Heap Overflow Exploit (0day-today)
- reSIProcate 1.10.2 Heap Overflow Exploit (0day-today)
Timeline
- Jul 16, 2018 CVE Published
- Aug 8, 2018 PoC Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- May 6, 2023 EPSS Score
- May 13, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-12584 third-party-advisory
- http://joachimdezutter.webredirect.org/advisory.html third-party-advisory
- https://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-12584 third-party-advisory