Vulnerabilities > CVE-2018-18751 - Double Free vulnerability in multiple products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

critical

nessus

NVD

Published: 2018-10-29

Updated: 2020-09-08

Summary

An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.

Vulnerable Configurations

Part	Description	Count
Application	Gnu GNU Gettext 0.19.8	1
OS	Canonical Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 18.04 Canonical Ubuntu Linux 18.10	5
OS	Redhat Redhat Enterprise Linux 7.0	1

Common Weakness Enumeration (CWE)

CWE-415 - Double Free

Nessus

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-2320.NASL
description	According to the version of the gettext packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.(CVE-2018-18751) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	131485
published	2019-12-03
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/131485
title	EulerOS Virtualization for ARM 64 3.0.3.0 : gettext (EulerOS-SA-2019-2320)

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2018-2_0-0116_GETTEXT.NASL
description	An update of the gettext package has been released.
last seen	2020-03-17
modified	2019-02-07
plugin id	122012
published	2019-02-07
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122012
title	Photon OS 2.0: Gettext PHSA-2018-2.0-0116

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2020-1138.NASL
description	The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1138 advisory. - gettext: double free in default_add_message in read- catalog.c (CVE-2018-18751) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-06
modified	2020-04-10
plugin id	135346
published	2020-04-10
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135346
title	CentOS 7 : gettext (CESA-2020:1138)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-3815-1.NASL
description	It was discovered that gettext incorrectly handled certain messages. An attacker could possibly use this issue to execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	118906
published	2018-11-13
reporter	Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118906
title	Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : gettext vulnerability (USN-3815-1)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-2505.NASL
description	According to the version of the gettext packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.(CVE-2018-18751) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-08
modified	2019-12-04
plugin id	131658
published	2019-12-04
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/131658
title	EulerOS 2.0 SP2 : gettext (EulerOS-SA-2019-2505)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-1138.NASL
description	The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1138 advisory. - gettext: double free in default_add_message in read- catalog.c (CVE-2018-18751) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-04-23
modified	2020-03-31
plugin id	135046
published	2020-03-31
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135046
title	RHEL 7 : gettext (RHSA-2020:1138)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20200407_GETTEXT_ON_SL7_X.NASL
description	* gettext: double free in default_add_message in read-catalog.c
last seen	2020-04-30
modified	2020-04-21
plugin id	135811
published	2020-04-21
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135811
title	Scientific Linux Security Update : gettext on SL7.x x86_64 (20200407)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2018-D6211ABFB0.NASL
description	fix CVE-2018-18751 (rhbz#1647044), move gettextize man to correct subpackage Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2019-01-03
plugin id	120829
published	2019-01-03
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/120829
title	Fedora 29 : gettext (2018-d6211abfb0)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2019-3643.NASL
description	An update for gettext is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The gettext packages provide a documentation for producing multi-lingual messages in programs, set of conventions about how programs should be written, a runtime library, and a directory and file naming organization for the message catalogs. Security Fix(es) : * gettext: double free in default_add_message in read-catalog.c (CVE-2018-18751) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
last seen	2020-06-01
modified	2020-06-02
plugin id	130561
published	2019-11-06
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/130561
title	RHEL 8 : gettext (RHSA-2019:3643)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2020-1469.NASL
description	According to the version of the gettext packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.(CVE-2018-18751) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-04-30
modified	2020-04-16
plugin id	135631
published	2020-04-16
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135631
title	EulerOS Virtualization 3.0.2.2 : gettext (EulerOS-SA-2020-1469)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-2075.NASL
description	According to the version of the gettext packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.(CVE-2018-18751) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-03
modified	2019-09-30
plugin id	129434
published	2019-09-30
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129434
title	EulerOS 2.0 SP8 : gettext (EulerOS-SA-2019-2075)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2020-1248.NASL
description	According to the version of the gettext packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.(CVE-2018-18751) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-19
modified	2020-03-13
plugin id	134537
published	2020-03-13
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134537
title	EulerOS Virtualization for ARM 64 3.0.2.0 : gettext (EulerOS-SA-2020-1248)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-2270.NASL
description	According to the version of the gettext packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.(CVE-2018-18751) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-08
modified	2019-11-08
plugin id	130732
published	2019-11-08
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/130732
title	EulerOS 2.0 SP3 : gettext (EulerOS-SA-2019-2270)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-1966.NASL
description	According to the version of the gettext packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.(CVE-2018-18751) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-08
modified	2019-09-23
plugin id	129123
published	2019-09-23
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129123
title	EulerOS 2.0 SP5 : gettext (EulerOS-SA-2019-1966)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2018-A5D1FA335E.NASL
description	fix CVE-2018-18751 (rhbz#1647044), move gettextize man to correct subpackage Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2019-01-03
plugin id	120677
published	2019-01-03
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/120677
title	Fedora 28 : gettext (2018-a5d1fa335e)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-2485.NASL
description	The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2485 advisory. - gettext: double free in default_add_message in read- catalog.c (CVE-2018-18751) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-13
modified	2020-06-12
plugin id	137395
published	2020-06-12
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/137395
title	RHEL 7 : gettext (RHSA-2020:2485)

Redhat

advisories

bugzilla

id	1647043
title	CVE-2018-18751 gettext: double free in default_add_message in read-catalog.c

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 8 is installed
oval oval:com.redhat.rhba:tst:20193384074

AND

comment gettext-common-devel is earlier than 0:0.19.8.1-17.el8
oval oval:com.redhat.rhsa:tst:20193643001
comment gettext-common-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20193643002

AND
comment gettext is earlier than 0:0.19.8.1-17.el8
oval oval:com.redhat.rhsa:tst:20193643003
comment gettext is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20193643004
AND
comment gettext-devel is earlier than 0:0.19.8.1-17.el8
oval oval:com.redhat.rhsa:tst:20193643005
comment gettext-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20193643006

AND

comment gettext-debugsource is earlier than 0:0.19.8.1-17.el8
oval oval:com.redhat.rhsa:tst:20193643007
comment gettext-debugsource is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20193643008

AND
comment gettext-libs is earlier than 0:0.19.8.1-17.el8
oval oval:com.redhat.rhsa:tst:20193643009
comment gettext-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20193643010

rhsa

id	RHSA-2019:3643
released	2019-11-05
severity	Low
title	RHSA-2019:3643: gettext security update (Low)

bugzilla

id	1788414
title	[gettext] preuninstall scripts in TPS tests are failing for 2019:45774

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment gettext-common-devel is earlier than 0:0.19.8.1-3.el7
oval oval:com.redhat.rhsa:tst:20201138001
comment gettext-common-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20193643002

AND
comment gettext-libs is earlier than 0:0.19.8.1-3.el7
oval oval:com.redhat.rhsa:tst:20201138003
comment gettext-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20193643010
AND
comment gettext-devel is earlier than 0:0.19.8.1-3.el7
oval oval:com.redhat.rhsa:tst:20201138005
comment gettext-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20193643006
AND
comment gettext is earlier than 0:0.19.8.1-3.el7
oval oval:com.redhat.rhsa:tst:20201138007
comment gettext is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20193643004
AND
comment emacs-gettext is earlier than 0:0.19.8.1-3.el7
oval oval:com.redhat.rhsa:tst:20201138009
comment emacs-gettext is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20201138010

rhsa

id	RHSA-2020:1138
released	2020-03-31
severity	Low
title	RHSA-2020:1138: gettext security and bug fix update (Low)

rpms

gettext-0:0.19.8.1-17.el8
gettext-common-devel-0:0.19.8.1-17.el8
gettext-debuginfo-0:0.19.8.1-17.el8
gettext-debugsource-0:0.19.8.1-17.el8
gettext-devel-0:0.19.8.1-17.el8
gettext-devel-debuginfo-0:0.19.8.1-17.el8
gettext-libs-0:0.19.8.1-17.el8
gettext-libs-debuginfo-0:0.19.8.1-17.el8
emacs-gettext-0:0.19.8.1-3.el7
gettext-0:0.19.8.1-3.el7
gettext-common-devel-0:0.19.8.1-3.el7
gettext-debuginfo-0:0.19.8.1-3.el7
gettext-devel-0:0.19.8.1-3.el7
gettext-libs-0:0.19.8.1-3.el7

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Redhat

References