Bug 1110899 - (CVE-2018-17983) VUL-0: CVE-2018-17983: mercurial: out-of-bounds read during parsing of a malformed manifest entry
(CVE-2018-17983)
VUL-0: CVE-2018-17983: mercurial: out-of-bounds read during parsing of a malf...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/216175/
CVSSv3:SUSE:CVE-2018-17983:6.5:(AV:N/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-10-05 10:22 UTC by Alexander Bergmann
Modified: 2018-11-27 23:50 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2018-10-05 10:22:04 UTC
CVE-2018-17983

Description

cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17983
http://www.cvedetails.com/cve/CVE-2018-17983/
Comment 1 Takashi Iwai 2018-10-09 12:09:59 UTC
Fixed for SLE15 submitted via SR#174228.

SLE12 and older had the python version of manifest parser, so not affected.

Back to security team.
Comment 3 Swamp Workflow Management 2018-10-25 13:17:35 UTC
SUSE-SU-2018:3430-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1110899
CVE References: CVE-2018-17983
Sources used:
SUSE Linux Enterprise Module for Development Tools 15 (src):    mercurial-4.5.2-3.6.1
Comment 4 Andreas Stieger 2018-10-26 18:16:59 UTC
shown as done here
Comment 5 Swamp Workflow Management 2018-10-26 22:23:03 UTC
openSUSE-SU-2018:3517-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1110899
CVE References: CVE-2018-17983
Sources used:
openSUSE Leap 15.0 (src):    mercurial-4.5.2-lp150.2.6.1