Home

CVE-2018-17294

Description

The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input strings length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.51

Associated Vulnerability

VulnerabilityOS Platform
SUSE-SU-2019:13994-1(SUSE Linux Enterprise Server 11-SP4 ) liblouis-1.7.0-1.3.16.1.i586.rpmLinux
SUSE-SU-2019:13994-1(SUSE Linux Enterprise Server 11-SP4 ) liblouis-1.7.0-1.3.16.1.x86_64.rpmLinux
SUSE-SU-2019:13994-1(SUSE Linux Enterprise Server 11-SP4 ) liblouis0-1.7.0-1.3.16.1.i586.rpmLinux
SUSE-SU-2019:13994-1(SUSE Linux Enterprise Server 11-SP4 ) liblouis0-1.7.0-1.3.16.1.x86_64.rpmLinux
SUSE-SU-2019:13994-1(SUSE Linux Enterprise Server 11-SP4 ) python-louis-1.7.0-1.3.16.1.i586.rpmLinux
SUSE-SU-2019:13994-1(SUSE Linux Enterprise Server 11-SP4 ) python-louis-1.7.0-1.3.16.1.x86_64.rpmLinux
SUSE-SU-2020:3107-1(SUSE Linux Enterprise Server 12-SP5 ) liblouis-data-2.6.4-6.9.24.x86_64.rpmLinux
SUSE-SU-2020:3107-1(SUSE Linux Enterprise Server 12-SP5 ) liblouis-debugsource-2.6.4-6.9.24.x86_64.rpmLinux
SUSE-SU-2020:3107-1(SUSE Linux Enterprise Server 12-SP5 ) liblouis9-2.6.4-6.9.24.x86_64.rpmLinux
SUSE-SU-2020:3107-1(SUSE Linux Enterprise Server 12-SP5 ) liblouis9-debuginfo-2.6.4-6.9.24.x86_64.rpmLinux
SUSE-SU-2020:3107-1(SUSE Linux Enterprise Server 12-SP5 ) python-louis-2.6.4-6.9.39.x86_64.rpmLinux
SUSE-SU-2020:3107-1(SUSE Linux Enterprise Server 12-SP5 ) python3-louis-2.6.4-6.9.41.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234