Buffer Overflow Vulnerability in GNOME Evolution's Evolution-Data-Server
CVE-2018-12422
9.8 CRITICAL
What is CVE-2018-12422?
A vulnerability was identified in Evolution-Data-Server, used by GNOME Evolution, specifically within the LDAP backend. The flaw is a potential buffer overflow triggered by long queries processed through the strcat function. Although the software maintainer argues that the code computes the required string length and allocates sufficient heap memory, the risk of manipulation remains. This could allow unauthorized users to execute unintended actions, so updating to a secure version is important to mitigate the risk.
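The maintainer's argument describes a two-pass pattern: measure the pieces, allocate that many bytes on the heap, then concatenate. The C example below is added here for illustration and is not Evolution-Data-Server's code; `query_len`, `build_query` and the sample filter fragments are hypothetical. It shows that pattern with the two checks that make it hold for arbitrarily long queries: the length sum is guarded against wrap-around, and every append is bounded by the space actually allocated.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Pass 1: bytes needed for all parts plus the NUL; 0 if the sum would wrap. */
size_t query_len(const char *const *parts, size_t n)
{
    size_t total = 1;                       /* room for '\0' */
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(parts[i]);
        if (len > SIZE_MAX - total)
            return 0;                       /* refuse instead of under-allocating */
        total += len;
    }
    return total;
}

/* Pass 2: allocate query_len() bytes, then append with a tracked offset.
 * A mismatch between the two passes fails closed instead of overrunning. */
char *build_query(const char *const *parts, size_t n)
{
    size_t cap = query_len(parts, n);
    char *buf = cap ? malloc(cap) : NULL;
    if (buf == NULL)
        return NULL;
    size_t used = 0;
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(parts[i]);
        if (len >= cap - used) {            /* must still leave room for '\0' */
            free(buf);
            return NULL;
        }
        memcpy(buf + used, parts[i], len);  /* bounded, unlike strcat */
        used += len;
    }
    buf[used] = '\0';
    return buf;
}

int main(void)
{
    /* Constructed sample filter fragments, not taken from the advisory. */
    const char *parts[] = { "(&", "(objectClass=person)", "(cn=alice*)", ")" };
    char *q = build_query(parts, 4);
    if (q != NULL)
        puts(q);
    free(q);
    return 0;
}
```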