CVE-2018-1000097

Name: CVE-2018-1000097
Description: Sharutils (unshar command) version 4.15.2 contains a buffer overflow vulnerability in the function looks_like_c_code, in unshar.c at line 75: the buffer containing the input line is not checked. This could lead to code execution. The attack appears to be exploitable when a victim runs the unshar command on a specially crafted file.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DSA-4167-1
NVD severity: medium
Debian Bugs: 893525

Vulnerable and fixed packages

The table below lists information on source packages.

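| Source Package | Release | Version | Status |
|---|---|---|---|
| sharutils (PTS) | stretch (security), stretch | 1:4.15.2-2+deb9u1 | fixed |
| sharutils (PTS) | buster | 1:4.15.2-4 | fixed |
| sharutils (PTS) | bullseye, sid | 1:4.15.2-5 | fixed |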

The information below is based on the following data on fixed versions.

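| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| sharutils | source | wheezy | (not affected) | | | |
| sharutils | source | jessie | 1:4.14-2+deb8u1 | | DSA-4167-1 | |
| sharutils | source | stretch | 1:4.15.2-2+deb9u1 | | DSA-4167-1 | |
| sharutils | source | (unstable) | 1:4.15.2-3 | | | 893525 |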

Notes

[wheezy] - sharutils <not-affected> (Vulnerable code not present)
http://seclists.org/bugtraq/2018/Feb/54
