SELA 0.1.2-alpha core/apev2.c init_apev2_keys desbordamiento de búfer

artículoeditHistoryDiffjsonxmlCTI

Una vulnerabilidad ha sido encontrada en SELA 0.1.2-alpha y clasificada como crítica. La función init_apev2_keys del archivo core/apev2.c es afectada por esta vulnerabilidad. No hay información respecto a posibles contramedidas. Se sugiere sustituir el producto con un equivalente.

Campo2018-06-01 10:332020-02-10 16:35
nameSELASELA
version0.1.2-alpha0.1.2-alpha
filecore/apev2.ccore/apev2.c
functioninit_apev2_keysinit_apev2_keys
cwe119 (desbordamiento de búfer)119 (desbordamiento de búfer)
risk22
cvss2_vuldb_basescore7.57.5
cvss2_vuldb_tempscore7.57.5
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_auNN
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_nvd_avNN
cvss2_nvd_acLL
cvss2_nvd_auNN
cvss2_nvd_ciNN
cvss2_nvd_iiNN
cvss2_nvd_aiPP
cvss3_meta_basescore7.47.4
cvss3_meta_tempscore7.47.4
cvss3_vuldb_basescore7.37.3
cvss3_vuldb_tempscore7.37.3
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cvss3_nvd_avNN
cvss3_nvd_acLL
cvss3_nvd_prNN
cvss3_nvd_uiNN
cvss3_nvd_sUU
cvss3_nvd_cNN
cvss3_nvd_iNN
cvss3_nvd_aHH
date1527724800 (2018-05-31)1527724800 (2018-05-31)
urlhttps://github.com/sahaRatul/sela/issues/12https://github.com/sahaRatul/sela/issues/12
price_0day$0-$5k$0-$5k
cveCVE-2018-11626CVE-2018-11626
cve_assigned15277248001527724800
cve_nvd_published15277176001527717600
cve_nvd_summarySELA (aka SimplE Lossless Audio) v0.1.2-alpha has a stack-based buffer overflow in the core/apev2.c init_apev2_keys function.SELA (aka SimplE Lossless Audio) v0.1.2-alpha has a stack-based buffer overflow in the core/apev2.c init_apev2_keys function.
locationWebsiteWebsite
cvss2_vuldb_eNDND
cvss2_vuldb_rlNDND
cvss2_vuldb_rcNDND
cvss3_vuldb_eXX
cvss3_vuldb_rlXX
cvss3_vuldb_rcXX
0day_days11
cvss3_nvd_basescore7.57.5
discoverydate1527638400

Interested in the pricing of exploits?

See the underground prices here!