CVE-2018-11778

8.8HIGH

Key Information:

Vendor: Apache
Status: Apache Ranger
Vendor: CVE Published:; 5 October 2018

Summary

UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correctly handle user input to avoid Stack-based buffer overflow. Versions prior to 1.2.0 should be upgraded to 1.2.0

Affected Version(s)

Apache Ranger prior to 1.2.0

References

https://cwiki.apache.org/confluence/display/RANGER/Vulner...

x_refsource_CONFIRM

https://seclists.org/oss-sec/2018/q4/11

mailing-listx_refsource_MLIST

https://lists.apache.org/thread.html/r04bc435a92911de4b52...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 5, 2018
Vulnerability Reserved
Jun 5, 2018