Vulnerability Details CVE-2017-9988
The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack against parser.c.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.2%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
- https://github.com/libming/libming/issues/85
- https://lists.debian.org/debian-lts-announce/2017/11/msg00022.html
- https://security.gentoo.org/glsa/201904-24
- https://github.com/libming/libming/issues/85
- https://lists.debian.org/debian-lts-announce/2017/11/msg00022.html
- https://security.gentoo.org/glsa/201904-24
Products affected by CVE-2017-9988
-
cpe:2.3:a:libming:libming:0.4.8
-
cpe:2.3:o:debian:debian_linux:7.0