Vulnerabilities > CVE-2018-7435 - Out-of-bounds Read vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the freexl::destroy_cell function.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 8 | |
| OS | 3 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overread Buffers An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4129.NASL description Multiple heap buffer over reads were discovered in freexl, a library to read Microsoft Excel spreadsheets, which could result in denial of service. last seen 2020-06-01 modified 2020-06-02 plugin id 107121 published 2018-03-05 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107121 title Debian DSA-4129-1 : freexl - security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-4129. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(107121); script_version("3.4"); script_cvs_date("Date: 2019/03/05 11:33:43"); script_cve_id("CVE-2018-7435", "CVE-2018-7436", "CVE-2018-7437", "CVE-2018-7438", "CVE-2018-7439"); script_xref(name:"DSA", value:"4129"); script_name(english:"Debian DSA-4129-1 : freexl - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Multiple heap buffer over reads were discovered in freexl, a library to read Microsoft Excel spreadsheets, which could result in denial of service." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/freexl" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/freexl" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/stretch/freexl" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2018/dsa-4129" ); script_set_attribute( attribute:"solution", value: "Upgrade the freexl packages. For the oldstable distribution (jessie), these problems have been fixed in version 1.0.0g-1+deb8u5. For the stable distribution (stretch), these problems have been fixed in version 1.0.2-2+deb9u2." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:freexl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/23"); script_set_attribute(attribute:"patch_publication_date", value:"2018/03/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"8.0", prefix:"libfreexl-dev", reference:"1.0.0g-1+deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"libfreexl1", reference:"1.0.0g-1+deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"libfreexl1-dbg", reference:"1.0.0g-1+deb8u5")) flag++; if (deb_check(release:"9.0", prefix:"libfreexl-dev", reference:"1.0.2-2+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"libfreexl1", reference:"1.0.2-2+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"libfreexl1-dbg", reference:"1.0.2-2+deb9u2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1297.NASL description Leon reported five heap-based buffer-overflow vulnerabilities in FreeXL. CVE-2018-7435 There is a heap-based buffer over-read in the freexl::destroy_cell function. CVE-2018-7436 There is a heap-based buffer over-read in a pointer dereference of the parse_SST function. CVE-2018-7437 There is a heap-based buffer over-read in a memcpy call of the parse_SST function. CVE-2018-7438 There is a heap-based buffer over-read in the parse_unicode_string function. CVE-2018-7439 There is a heap-based buffer over-read in the function read_mini_biff_next_record. For Debian 7 last seen 2020-03-17 modified 2018-03-02 plugin id 107105 published 2018-03-02 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107105 title Debian DLA-1297-1 : freexl security update NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-217.NASL description This update for freexl fixes the following issues : freexl was updated to version 1.0.5 : - No changelog provided by upstream - Various heapoverflows in 1.0.4 have been fixed : - CVE-2018-7439: heap-buffer-overflow in freexl.c:3912 read_mini_biff_next_record (boo#1082774) - CVE-2018-7438: heap-buffer-overflow in freexl.c:383 parse_unicode_string (boo#1082775) - CVE-2018-7437: heap-buffer-overflow in freexl.c:1866 parse_SST(boo#1082776) - CVE-2018-7436: heap-buffer-overflow in freexl.c:1805 parse_SST parse_SST (boo#1082777) - CVE-2018-7435: heap-buffer-overflow in freexl::destroy_cell (boo#1082778) last seen 2020-06-05 modified 2018-03-02 plugin id 107113 published 2018-03-02 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107113 title openSUSE Security Update : freexl (openSUSE-2018-217)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1547879
- https://bugzilla.redhat.com/show_bug.cgi?id=1547879
- https://groups.google.com/forum/#%21topic/spatialite-users/b-d9iB5TDPE
- https://groups.google.com/forum/#%21topic/spatialite-users/b-d9iB5TDPE
- https://lists.debian.org/debian-lts-announce/2018/03/msg00000.html
- https://lists.debian.org/debian-lts-announce/2018/03/msg00000.html
- https://security.gentoo.org/glsa/202007-44
- https://security.gentoo.org/glsa/202007-44
- https://www.debian.org/security/2018/dsa-4129
- https://www.debian.org/security/2018/dsa-4129