CVE Vulnerability

CVE-2018-11778

UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correctly handle user input to avoid Stack-based buffer overflow. Versions prior to 1.2.0 should be upgraded to 1.2.0

6.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

8.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://seclists.org/oss-sec/2018/q4/11 Mailing List Third Party Advisory
https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger Vendor Advisory
https://lists.apache.org/thread.html/r04bc435a92911de4b52d2b98f169bd7cf2e8bbeb53b03788df8f932c@%3Cdev.ranger.apache.org%3E
https://lists.apache.org/thread.html/rd88077a781ef38f7687c100f93992f4dda8aa101925050c4af470998@%3Cdev.ranger.apache.org%3E
Configurations

Configuration 1

cpe:2.3:a:apache:ranger:*:*:*:*:*:*:*:*
Information

Published : 2018-10-05 07:29

Updated : 2020-08-24 05:37

NVD link : CVE-2018-11778

Mitre link : CVE-2018-11778

Products Affected
No products.
CWE
CWE-787