VDB
CVE-2018-18385
CVE-2018-18385
PUBLISHED
Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial of service (infinite loop). The loop was caused by the fact that Parser.next_block was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detects any list was not agreeing with the regular expression that detects a specific list type. So the line kept getting pushed back onto the reader, hence causing the loop.
EPSS 0.53% · 67.7th percentile
Risk Scores
EPSS Score
0.53%
67.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | asciidoctor | 1.5.5-1, 0 |
| Ubuntu:16.04:LTS | asciidoctor | 0, 1.5.2-2, 1.5.3-1 |
Exploit Intelligence
Timeline
- Oct 16, 2018 CVE Published
- Oct 3, 2019 CVE Updated
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-18385 third-party-advisory
- https://github.com/asciidoctor/asciidoctor/issues/2888 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-18385 third-party-advisory