ID

VAR-201808-0305


CVE

CVE-2018-0429


TITLE

Cisco Thor decoder Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-008998

DESCRIPTION

Stack-based buffer overflow in the Cisco Thor decoder before commit 18de8f9f0762c3a542b1122589edb8af859d9813 allows local users to cause a denial of service (segmentation fault) and execute arbitrary code via a crafted non-conformant Thor bitstream. The Cisco Thor decoder contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Cisco Thor Decoder is prone to a stack-based buffer overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Cisco Thor decoder is a video coder/decoder produced by Cisco.

Trust: 1.98

sources: NVD: CVE-2018-0429 // JVNDB: JVNDB-2018-008998 // BID: 105059 // VULHUB: VHN-118631

AFFECTED PRODUCTS

vendor: cisco, model: thor video codec, scope: lt, version: 2018-8-8

Trust: 1.0

vendor: cisco, model: thor video codec, scope: eq, version: commit 18de8f9f0762c3a542b1122589edb8af859d9813

Trust: 0.8

vendor: cisco, model: thor, scope: eq, version: 0

Trust: 0.3

sources: BID: 105059 // JVNDB: JVNDB-2018-008998 // NVD: CVE-2018-0429

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-0429
value: HIGH

Trust: 1.0

NVD: CVE-2018-0429
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201808-267
value: HIGH

Trust: 0.6

VULHUB: VHN-118631
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-0429
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118631
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-0429
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118631 // JVNDB: JVNDB-2018-008998 // CNNVD: CNNVD-201808-267 // NVD: CVE-2018-0429

PROBLEMTYPE DATA

problemtype: CWE-119

Trust: 1.1

problemtype: CWE-20

Trust: 0.9

sources: VULHUB: VHN-118631 // JVNDB: JVNDB-2018-008998 // NVD: CVE-2018-0429

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201808-267

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201808-267

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008998

PATCH

title: Fix possible stack overflows in decoder for illegal bit streams, url: https://github.com/cisco/thor/commit/18de8f9f0762c3a542b1122589edb8af859d9813

Trust: 0.8

title: Cisco Thor decoder Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83928

Trust: 0.6

sources: JVNDB: JVNDB-2018-008998 // CNNVD: CNNVD-201808-267

EXTERNAL IDS

db: NVD, id: CVE-2018-0429

Trust: 2.8

db: BID, id: 105059

Trust: 2.0

db: JVNDB, id: JVNDB-2018-008998

Trust: 0.8

db: CNNVD, id: CNNVD-201808-267

Trust: 0.7

db: VULHUB, id: VHN-118631

Trust: 0.1

sources: VULHUB: VHN-118631 // BID: 105059 // JVNDB: JVNDB-2018-008998 // CNNVD: CNNVD-201808-267 // NVD: CVE-2018-0429

REFERENCES

url: https://github.com/cisco/thor/commit/18de8f9f0762c3a542b1122589edb8af859d9813

Trust: 2.0

url: http://www.securityfocus.com/bid/105059

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0429

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-0429

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-118631 // BID: 105059 // JVNDB: JVNDB-2018-008998 // CNNVD: CNNVD-201808-267 // NVD: CVE-2018-0429

CREDITS

Cisco

Trust: 0.3

sources: BID: 105059

SOURCES

db: VULHUB, id: VHN-118631
db: BID, id: 105059
db: JVNDB, id: JVNDB-2018-008998
db: CNNVD, id: CNNVD-201808-267
db: NVD, id: CVE-2018-0429

LAST UPDATE DATE

2024-11-23T22:41:45.968000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118631, date: 2019-10-03T00:00:00
db: BID, id: 105059, date: 2018-08-09T00:00:00
db: JVNDB, id: JVNDB-2018-008998, date: 2018-11-05T00:00:00
db: CNNVD, id: CNNVD-201808-267, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2018-0429, date: 2024-11-21T03:38:12.670

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118631, date: 2018-08-09T00:00:00
db: BID, id: 105059, date: 2018-08-09T00:00:00
db: JVNDB, id: JVNDB-2018-008998, date: 2018-11-05T00:00:00
db: CNNVD, id: CNNVD-201808-267, date: 2018-08-10T00:00:00
db: NVD, id: CVE-2018-0429, date: 2018-08-09T20:29:00.143