CVE-2018-19760

Published: 30 November 2018

cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
confuse
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Ignored

Ubuntu 16.04 ESM (Xenial Xerus) Ignored

Ubuntu 14.04 ESM (Trusty Tahr) Ignored

Notes

AuthorNote
msalvatore
This CVE may be disputed by upstream. From issue #120: "The bug
report is apparently incorrect and the ASAN output looks like a
premature exit without cleanup on an error in the caller, not the
library."
Ignoring this CVE

References