Bug#893431: libevt: CVE-2018-8754
Salvatore Bonaccorso
carnil at debian.org
Sun Mar 18 19:42:22 UTC 2018
Source: libevt
Version: 20170120-1
Severity: important
Tags: patch security upstream
Hi,
the following vulnerability was published for libevt.
CVE-2018-8754[0]:
| The libevt_record_values_read_event() function in
| libevt_record_values.c in libevt before 2018-03-17 does not properly
| check for out-of-bounds values of user SID data size, strings size, or
| data size.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-8754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8754
[1] https://github.com/libyal/libevt/commit/444ca3ce7853538c577e0ec3f6146d2d65780734
Regards,
Salvatore
More information about the forensics-devel
mailing list