CVE-2018-11468

Published: 25 May 2018

The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.

Priority

CVSS 3 base score: 5.5

Status

Package	Release	Status
discount Launchpad, Ubuntu, Debian	bionic	Needed
	cosmic	Not vulnerable (2.2.4-1)
	disco	Not vulnerable (2.2.4-1)
	eoan	Not vulnerable (2.2.4-1)
	focal	Not vulnerable (2.2.4-1)
	groovy	Not vulnerable (2.2.4-1)
	hirsute	Not vulnerable (2.2.4-1)
	impish	Not vulnerable (2.2.4-1)
	jammy	Not vulnerable (2.2.4-1)
	precise	Does not exist
	trusty	Does not exist (trusty was released [2.1.7-1+deb8u1build0.14.04.1])
	upstream	Released (2.1.7-1+deb8u1, 2.2.2-1+deb9u1, 2.2.4-1)
	xenial	Ignored (end of standard support, was needed)

References

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901912

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›