CVE-2018-12930

{"id": "CVE-2018-12930", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2018-06-28T14:29:00.463", "references": [{"url": "http://www.securityfocus.com/bid/104588", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:0641", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem."}, {"lang": "es", "value": "ntfs_end_buffer_async_read en el controlador en el sistema de archivos ntfs.ko en el kernel de Linux 4.15.0 permite que los atacantes desencadenen una escritura fuera de l\u00edmites basada en la pila de memoria y provoquen una denegaci\u00f3n de servicio (OOPS o p\u00e1nico del kernel) o, posiblemente, provoquen otro impacto no especificado mediante un sistema de archivos ntfs manipulado."}], "lastModified": "2019-03-26T13:35:37.397", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:4.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "380E55F5-238D-4FBB-8DB1-DB10EFC37CD0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04.4:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "07D7E90D-91CC-4AB1-AAEB-6F3BD90FF8FF"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}