CVE-2018-17336

Impact:
Moderate
Public Date:
2018-09-22
CWE:
CWE-134
Bugzilla:
1632828: CVE-2018-17336 udisks: Format string vulnerability in udisks_log in udiskslogging.c
An uncontrolled format string vulnerability has been discovered in udisks when it mounts a filesystem with a malformed label. A local attacker may use this flaw to leak memory, make the udisks service crash, or cause other unspecified effects.

Find out more about CVE-2018-17336 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 7.5
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector Local
Attack Complexity High
Privileges Required High
User Interaction None
Scope Changed
Confidentiality High
Integrity Impact High
Availability Impact High

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 7 udisks2 Affected
Red Hat Enterprise Linux 6 udisks Will not fix
Red Hat Ceph Storage 2 storaged Not affected

Last Modified
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.