Vulnerabilities > CVE-2019-11498 - Access of Uninitialized Pointer vulnerability in multiple products

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
wavpack
canonical
fedoraproject
debian
CWE-824
nessus
NVD
Published: 2019-04-24
Updated: 2023-11-07

Summary

WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.

Vulnerable Configurations

Part Description Count
Application
Wavpack
28
OS
Canonical
3
OS
Fedoraproject
3
OS
Debian
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2020-E55567B6BE.NASL
    descriptionSecurity fixes for: CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539 CVE-2018-10540 CVE-2018-19840 CVE-2018-19841 CVE-2019-11498 CVE-2019-1010315 CVE-2019-1010319 CVE-2019-1010317 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id132878
    published2020-01-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132878
    titleFedora 31 : mingw-wavpack (2020-e55567b6be)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2020-e55567b6be.
#

include("compat.inc");

if (description)
{
  script_id(132878);
  script_version("1.2");
  script_cvs_date("Date: 2020/01/17");

  script_cve_id("CVE-2018-10536", "CVE-2018-10537", "CVE-2018-10538", "CVE-2018-10539", "CVE-2018-10540", "CVE-2018-19840", "CVE-2018-19841", "CVE-2019-1010315", "CVE-2019-1010317", "CVE-2019-1010319", "CVE-2019-11498");
  script_xref(name:"FEDORA", value:"2020-e55567b6be");

  script_name(english:"Fedora 31 : mingw-wavpack (2020-e55567b6be)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Security fixes for: CVE-2018-10536 CVE-2018-10537 CVE-2018-10538
CVE-2018-10539 CVE-2018-10540 CVE-2018-19840 CVE-2018-19841
CVE-2019-11498 CVE-2019-1010315 CVE-2019-1010319 CVE-2019-1010317

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-e55567b6be"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected mingw-wavpack package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mingw-wavpack");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/01/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC31", reference:"mingw-wavpack-5.1.0-9.fc31")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mingw-wavpack");
}
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2067.NASL
    descriptionThis update for wavpack fixes the following issues : Security issues fixed : - CVE-2019-1010319: Fixed use of uninitialized variable in ParseWave64HeaderConfig that can result in unexpected control flow, crashes, and segfaults (bsc#1141334). - CVE-2019-11498: Fixed possible denial of service (application crash) in WavpackSetConfiguration64 via a DFF file that lacks valid sample-rate data (bsc#1133384). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id128537
    published2019-09-06
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128537
    titleopenSUSE Security Update : wavpack (openSUSE-2019-2067)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2191-1.NASL
    descriptionThis update for wavpack fixes the following issues : Security issues fixed : CVE-2019-1010319: Fixed use of uninitialized variable in ParseWave64HeaderConfig that can result in unexpected control flow, crashes, and segfaults (bsc#1141334). CVE-2019-11498: Fixed possible denial of service (application crash) in WavpackSetConfiguration64 via a DFF file that lacks valid sample-rate data (bsc#1133384). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128073
    published2019-08-22
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128073
    titleSUSE SLED15 / SLES15 Security Update : wavpack (SUSE-SU-2019:2191-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-B8A704FF4B.NASL
    description - Fix for CVE-2019-11498 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125686
    published2019-06-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125686
    titleFedora 29 : wavpack (2019-b8a704ff4b)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2020-73274C9DF4.NASL
    descriptionSecurity fixes for: CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539 CVE-2018-10540 CVE-2018-19840 CVE-2018-19841 CVE-2019-11498 CVE-2019-1010315 CVE-2019-1010319 CVE-2019-1010317 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id132877
    published2020-01-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132877
    titleFedora 30 : mingw-wavpack (2020-73274c9df4)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2122.NASL
    descriptionAccording to the version of the wavpack package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a
    last seen2020-05-03
    modified2019-11-12
    plugin id130831
    published2019-11-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130831
    titleEulerOS 2.0 SP8 : wavpack (EulerOS-SA-2019-2122)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-52145AA7CA.NASL
    description - Fix for CVE-2019-11498 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125319
    published2019-05-22
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125319
    titleFedora 30 : wavpack (2019-52145aa7ca)

Redhat

advisories
bugzilla
id1737747
titleCVE-2019-1010317 wavpack: Use of uninitialized variable in ParseCaffHeaderConfig leads to DoS
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 8 is installed
      ovaloval:com.redhat.rhba:tst:20193384074
    • OR
      • AND
        • commentwavpack-debugsource is earlier than 0:5.1.0-15.el8
          ovaloval:com.redhat.rhsa:tst:20201581001
        • commentwavpack-debugsource is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20201581002
      • AND
        • commentwavpack-devel is earlier than 0:5.1.0-15.el8
          ovaloval:com.redhat.rhsa:tst:20201581003
        • commentwavpack-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20201581004
      • AND
        • commentwavpack is earlier than 0:5.1.0-15.el8
          ovaloval:com.redhat.rhsa:tst:20201581005
        • commentwavpack is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20201581006
rhsa
idRHSA-2020:1581
released2020-04-28
severityLow
titleRHSA-2020:1581: wavpack security update (Low)
rpms
  • wavpack-0:5.1.0-15.el8
  • wavpack-debuginfo-0:5.1.0-15.el8
  • wavpack-debugsource-0:5.1.0-15.el8
  • wavpack-devel-0:5.1.0-15.el8

References