CVE-2018-17336

Public on 2018-09-22
Modified on 2019-12-18
Description
An uncontrolled format string vulnerability has been discovered in udisks when it mounts a filesystem with a malformed label. A local attacker may use this flaw to leak memory, make the udisks service crash, or cause other unspecified effects.
Severity
Medium severity
Medium
CVSS v3 Base Score
7.5
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core udisks2 2019-12-13 ALAS2-2019-1377 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.5 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
NVD CVSSv2 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P
NVD CVSSv3 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H