Vulnerability Details CVE-2018-12088
S3QL before 2.27 mishandles checksumming, and consequently allows replay attacks in which an attacker who controls the backend can present old versions of the filesystem metadata database as up-to-date, temporarily inject zero-valued bytes into files, or temporarily hide parts of files. This is related to the checksum_basic_mapping function.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.1%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://bitbucket.org/nikratio/s3ql/commits/85aba5c2d5c81453a73a50ed638adaeef0521020
- https://bitbucket.org/nikratio/s3ql/issues/272/t3_verifypy-test_retrieve-sometimes-fails
- https://groups.google.com/forum/#%21topic/s3ql/4TzCVIMkA4o
- https://bitbucket.org/nikratio/s3ql/commits/85aba5c2d5c81453a73a50ed638adaeef0521020
- https://bitbucket.org/nikratio/s3ql/issues/272/t3_verifypy-test_retrieve-sometimes-fails
- https://groups.google.com/forum/#%21topic/s3ql/4TzCVIMkA4o
Products affected by CVE-2018-12088
-
cpe:2.3:a:s3ql_project:s3ql:0.1
-
cpe:2.3:a:s3ql_project:s3ql:0.10
-
cpe:2.3:a:s3ql_project:s3ql:0.11
-
cpe:2.3:a:s3ql_project:s3ql:0.12
-
cpe:2.3:a:s3ql_project:s3ql:0.13
-
cpe:2.3:a:s3ql_project:s3ql:0.14
-
cpe:2.3:a:s3ql_project:s3ql:0.15
-
cpe:2.3:a:s3ql_project:s3ql:0.16
-
cpe:2.3:a:s3ql_project:s3ql:0.17
-
cpe:2.3:a:s3ql_project:s3ql:0.18
-
cpe:2.3:a:s3ql_project:s3ql:0.19
-
cpe:2.3:a:s3ql_project:s3ql:0.2
-
cpe:2.3:a:s3ql_project:s3ql:0.20
-
cpe:2.3:a:s3ql_project:s3ql:0.20.1
-
cpe:2.3:a:s3ql_project:s3ql:0.21
-
cpe:2.3:a:s3ql_project:s3ql:0.22
-
cpe:2.3:a:s3ql_project:s3ql:0.23
-
cpe:2.3:a:s3ql_project:s3ql:0.24
-
cpe:2.3:a:s3ql_project:s3ql:0.25
-
cpe:2.3:a:s3ql_project:s3ql:0.26
-
cpe:2.3:a:s3ql_project:s3ql:0.27
-
cpe:2.3:a:s3ql_project:s3ql:0.28
-
cpe:2.3:a:s3ql_project:s3ql:0.29
-
cpe:2.3:a:s3ql_project:s3ql:0.3
-
cpe:2.3:a:s3ql_project:s3ql:0.30
-
cpe:2.3:a:s3ql_project:s3ql:0.4
-
cpe:2.3:a:s3ql_project:s3ql:0.43
-
cpe:2.3:a:s3ql_project:s3ql:0.5
-
cpe:2.3:a:s3ql_project:s3ql:0.6
-
cpe:2.3:a:s3ql_project:s3ql:0.7
-
cpe:2.3:a:s3ql_project:s3ql:0.8
-
cpe:2.3:a:s3ql_project:s3ql:0.9
-
cpe:2.3:a:s3ql_project:s3ql:1.0
-
cpe:2.3:a:s3ql_project:s3ql:1.0.1
-
cpe:2.3:a:s3ql_project:s3ql:1.1
-
cpe:2.3:a:s3ql_project:s3ql:1.1.2
-
cpe:2.3:a:s3ql_project:s3ql:1.1.3
-
cpe:2.3:a:s3ql_project:s3ql:1.1.4
-
cpe:2.3:a:s3ql_project:s3ql:1.10
-
cpe:2.3:a:s3ql_project:s3ql:1.11
-
cpe:2.3:a:s3ql_project:s3ql:1.11.1
-
cpe:2.3:a:s3ql_project:s3ql:1.12
-
cpe:2.3:a:s3ql_project:s3ql:1.13
-
cpe:2.3:a:s3ql_project:s3ql:1.13.1
-
cpe:2.3:a:s3ql_project:s3ql:1.13.2
-
cpe:2.3:a:s3ql_project:s3ql:1.14
-
cpe:2.3:a:s3ql_project:s3ql:1.15
-
cpe:2.3:a:s3ql_project:s3ql:1.16
-
cpe:2.3:a:s3ql_project:s3ql:1.17
-
cpe:2.3:a:s3ql_project:s3ql:1.18
-
cpe:2.3:a:s3ql_project:s3ql:1.18.1
-
cpe:2.3:a:s3ql_project:s3ql:1.19
-
cpe:2.3:a:s3ql_project:s3ql:1.2
-
cpe:2.3:a:s3ql_project:s3ql:1.3
-
cpe:2.3:a:s3ql_project:s3ql:1.4
-
cpe:2.3:a:s3ql_project:s3ql:1.5
-
cpe:2.3:a:s3ql_project:s3ql:1.6
-
cpe:2.3:a:s3ql_project:s3ql:1.7
-
cpe:2.3:a:s3ql_project:s3ql:1.8
-
cpe:2.3:a:s3ql_project:s3ql:1.8.1
-
cpe:2.3:a:s3ql_project:s3ql:1.9
-
cpe:2.3:a:s3ql_project:s3ql:2.0b
-
cpe:2.3:a:s3ql_project:s3ql:2.10
-
cpe:2.3:a:s3ql_project:s3ql:2.10.1
-
cpe:2.3:a:s3ql_project:s3ql:2.11
-
cpe:2.3:a:s3ql_project:s3ql:2.11.1
-
cpe:2.3:a:s3ql_project:s3ql:2.12
-
cpe:2.3:a:s3ql_project:s3ql:2.13
-
cpe:2.3:a:s3ql_project:s3ql:2.14
-
cpe:2.3:a:s3ql_project:s3ql:2.15
-
cpe:2.3:a:s3ql_project:s3ql:2.16
-
cpe:2.3:a:s3ql_project:s3ql:2.17
-
cpe:2.3:a:s3ql_project:s3ql:2.17.1
-
cpe:2.3:a:s3ql_project:s3ql:2.18
-
cpe:2.3:a:s3ql_project:s3ql:2.19
-
cpe:2.3:a:s3ql_project:s3ql:2.1b
-
cpe:2.3:a:s3ql_project:s3ql:2.2
-
cpe:2.3:a:s3ql_project:s3ql:2.20
-
cpe:2.3:a:s3ql_project:s3ql:2.21
-
cpe:2.3:a:s3ql_project:s3ql:2.22
-
cpe:2.3:a:s3ql_project:s3ql:2.23
-
cpe:2.3:a:s3ql_project:s3ql:2.24
-
cpe:2.3:a:s3ql_project:s3ql:2.25
-
cpe:2.3:a:s3ql_project:s3ql:2.26
-
cpe:2.3:a:s3ql_project:s3ql:2.3
-
cpe:2.3:a:s3ql_project:s3ql:2.4
-
cpe:2.3:a:s3ql_project:s3ql:2.5
-
cpe:2.3:a:s3ql_project:s3ql:2.6
-
cpe:2.3:a:s3ql_project:s3ql:2.7
-
cpe:2.3:a:s3ql_project:s3ql:2.8
-
cpe:2.3:a:s3ql_project:s3ql:2.8.1
-
cpe:2.3:a:s3ql_project:s3ql:2.9