CVE-2018-1000221 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-1000221 Interim 1 21 2023-09-23T00:07:38Z current 2021-05-30T14:20:36Z 2023-09-23T00:07:38Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-1000221 pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow vulnerability in dequote() that can result in dequote() function returns 1-byte allocation if initial length is 0, leading to buffer overflow. This attack appear to be exploitable via specially crafted .pc file. This vulnerability appears to have been fixed in 1.5.3. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed libpkgconf-devel-1.8.0-1.2 libpkgconf3-1.8.0-1.2 pkgconf-1.8.0-1.2 pkgconf-m4-1.8.0-1.2 pkgconf-pkg-config-1.8.0-1.2 libpkgconf-devel-1.8.0-1.2 as a component of openSUSE Tumbleweed libpkgconf3-1.8.0-1.2 as a component of openSUSE Tumbleweed pkgconf-1.8.0-1.2 as a component of openSUSE Tumbleweed pkgconf-m4-1.8.0-1.2 as a component of openSUSE Tumbleweed pkgconf-pkg-config-1.8.0-1.2 as a component of openSUSE Tumbleweed pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow vulnerability in dequote() that can result in dequote() function returns 1-byte allocation if initial length is 0, leading to buffer overflow. This attack appear to be exploitable via specially crafted .pc file. This vulnerability appears to have been fixed in 1.5.3. CVE-2018-1000221 openSUSE Tumbleweed:libpkgconf-devel-1.8.0-1.2 openSUSE Tumbleweed:libpkgconf3-1.8.0-1.2 openSUSE Tumbleweed:pkgconf-1.8.0-1.2 openSUSE Tumbleweed:pkgconf-m4-1.8.0-1.2 openSUSE Tumbleweed:pkgconf-pkg-config-1.8.0-1.2 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H