CVE-2018-12422

Published: 15 June 2018

** DISPUTED ** addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code had computed the required string length first, and then allocated a large-enough buffer on the heap."

Priority

Medium

CVSS 3 base score: 9.8

Status

Package: evolution

Release: Status
Upstream: Needs triage
Ubuntu 18.04 LTS (Bionic Beaver): Ignored
Ubuntu 16.04 ESM (Xenial Xerus): Ignored
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was ignored)

Patches:
Upstream: https://gitlab.gnome.org/GNOME/evolution/commit/a87ce36cd

Package: evolution-data-server

Release: Status
Upstream: Needs triage
Ubuntu 18.04 LTS (Bionic Beaver): Ignored
Ubuntu 16.04 ESM (Xenial Xerus): Ignored
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was ignored)

Patches:
Upstream: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/c52a659c8