CVE-2018-0493

remctld in remctl before 3.14, when an attacker is authorized to execute a command that uses the sudo option, has a use-after-free that leads to a daemon crash, memory corruption, or arbitrary command execution.

Weakness

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory “belongs” to the code that operates on the new pointer.

Affected Software

Name	Vendor	Start Version	End Version
Remctl	Eyrie	*	3.14 (excluding)
Remctl	Ubuntu	artful	*
Remctl	Ubuntu	bionic	*
Remctl	Ubuntu	cosmic	*
Remctl	Ubuntu	devel	*
Remctl	Ubuntu	disco	*
Remctl	Ubuntu	eoan	*
Remctl	Ubuntu	esm-apps/bionic	*
Remctl	Ubuntu	esm-apps/focal	*
Remctl	Ubuntu	esm-apps/jammy	*
Remctl	Ubuntu	esm-apps/noble	*
Remctl	Ubuntu	esm-apps/xenial	*
Remctl	Ubuntu	focal	*
Remctl	Ubuntu	groovy	*
Remctl	Ubuntu	hirsute	*
Remctl	Ubuntu	impish	*
Remctl	Ubuntu	jammy	*
Remctl	Ubuntu	kinetic	*
Remctl	Ubuntu	lunar	*
Remctl	Ubuntu	mantic	*
Remctl	Ubuntu	noble	*
Remctl	Ubuntu	oracular	*
Remctl	Ubuntu	plucky	*
Remctl	Ubuntu	questing	*
Remctl	Ubuntu	trusty	*
Remctl	Ubuntu	upstream	*
Remctl	Ubuntu	xenial	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0493
CWE	https://cwe.mitre.org/data/definitions/416.html

Use After Free

Weakness

Affected Software

Potential Mitigations

References