CVE Vulnerabilities

CVE-2018-18751

Double Free

Published: Oct 29, 2018 | Modified: Nov 21, 2024
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
4 LOW
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Ubuntu
MEDIUM

An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.

Weakness

The product calls free() twice on the same memory address.

Affected Software

Name Vendor Start Version End Version
Gettext Gnu 0.19.8 (including) 0.19.8 (including)
Red Hat Enterprise Linux 7 RedHat gettext-0:0.19.8.1-3.el7 *
Red Hat Enterprise Linux 7.6 Extended Update Support RedHat gettext-0:0.19.8.1-3.el7_6 *
Red Hat Enterprise Linux 7.7 Extended Update Support RedHat gettext-0:0.19.8.1-3.el7_7 *
Red Hat Enterprise Linux 8 RedHat gettext-0:0.19.8.1-17.el8 *
Gettext Ubuntu bionic *
Gettext Ubuntu cosmic *
Gettext Ubuntu devel *
Gettext Ubuntu esm-infra-legacy/trusty *
Gettext Ubuntu esm-infra/bionic *
Gettext Ubuntu esm-infra/xenial *
Gettext Ubuntu trusty *
Gettext Ubuntu trusty/esm *
Gettext Ubuntu xenial *

Potential Mitigations

References