CVE-2018-1000097

NameCVE-2018-1000097
DescriptionSharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file..
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-4167-1
NVD severitymedium (attack range: remote)
Debian Bugs893525

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
sharutils (PTS)jessie (security), jessie1:4.14-2+deb8u1fixed
stretch (security), stretch1:4.15.2-2+deb9u1fixed
buster, sid1:4.15.2-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
sharutilssource(unstable)1:4.15.2-3medium893525
sharutilssourcejessie1:4.14-2+deb8u1mediumDSA-4167-1
sharutilssourcestretch1:4.15.2-2+deb9u1mediumDSA-4167-1
sharutilssourcewheezy(not affected)

Notes

[wheezy] - sharutils <not-affected> (Vulnerable code not present)
http://seclists.org/bugtraq/2018/Feb/54

Search for package or bug name: Reporting problems