{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-10-10T00:00:00", "descriptions": [{"lang": "en", "value": "Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-12-18T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/149758/Ghostscript-Exposed-System-Operators.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.ghostscript.com/show_bug.cgi?id=699927"}, {"name": "RHSA-2018:3834", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:3834"}, {"name": "USN-3803-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3803-1/"}, {"name": "[oss-security] 20181010 ghostscript: saved execution stacks can leak operator arrays (CVE-2018-18073)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2018/10/10/12"}, {"name": "DSA-4336", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4336"}, {"name": "[debian-lts-announce] 20181022 [SECURITY] [DLA 1552-1] ghostscript security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00013.html"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1690"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=34cc326eb2c5695833361887fe0b32e8d987741c"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18073", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://packetstormsecurity.com/files/149758/Ghostscript-Exposed-System-Operators.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/149758/Ghostscript-Exposed-System-Operators.html"}, {"name": "https://bugs.ghostscript.com/show_bug.cgi?id=699927", "refsource": "CONFIRM", "url": "https://bugs.ghostscript.com/show_bug.cgi?id=699927"}, {"name": "RHSA-2018:3834", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3834"}, {"name": "USN-3803-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3803-1/"}, {"name": "[oss-security] 20181010 ghostscript: saved execution stacks can leak operator arrays (CVE-2018-18073)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2018/10/10/12"}, {"name": "DSA-4336", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4336"}, {"name": "[debian-lts-announce] 20181022 [SECURITY] [DLA 1552-1] ghostscript security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00013.html"}, {"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1690", "refsource": "MISC", "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1690"}, {"name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=34cc326eb2c5695833361887fe0b32e8d987741c", "refsource": "CONFIRM", "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=34cc326eb2c5695833361887fe0b32e8d987741c"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T11:01:14.760Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/149758/Ghostscript-Exposed-System-Operators.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.ghostscript.com/show_bug.cgi?id=699927"}, {"name": "RHSA-2018:3834", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:3834"}, {"name": "USN-3803-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3803-1/"}, {"name": "[oss-security] 20181010 ghostscript: saved execution stacks can leak operator arrays (CVE-2018-18073)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2018/10/10/12"}, {"name": "DSA-4336", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4336"}, {"name": "[debian-lts-announce] 20181022 [SECURITY] [DLA 1552-1] ghostscript security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00013.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1690"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=34cc326eb2c5695833361887fe0b32e8d987741c"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18073", "datePublished": "2018-10-15T16:00:00", "dateReserved": "2018-10-09T00:00:00", "dateUpdated": "2024-08-05T11:01:14.760Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*", "matchCriteriaId": "329E2442-1157-4028-95DC-D6C59C4D37EA", "versionEndIncluding": "9.25", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object."}, {"lang": "es", "value": "Artifex Ghostscript permite que los atacantes omitan un mecanismo de protecci\u00f3n de sandbox aprovechando la exposici\u00f3n de los operadores del sistema en la pila de ejecuci\u00f3n guardada en un objeto error."}], "id": "CVE-2018-18073", "lastModified": "2024-11-21T03:55:26.360", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-15T16:29:03.160", "references": [{"source": "cve@mitre.org", "url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=34cc326eb2c5695833361887fe0b32e8d987741c"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/149758/Ghostscript-Exposed-System-Operators.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2018/10/10/12"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:3834"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1690"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugs.ghostscript.com/show_bug.cgi?id=699927"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00013.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3803-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4336"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=34cc326eb2c5695833361887fe0b32e8d987741c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/149758/Ghostscript-Exposed-System-Operators.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2018/10/10/12"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:3834"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1690"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugs.ghostscript.com/show_bug.cgi?id=699927"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00013.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3803-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4336"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2018:3834", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "ghostscript-0:9.07-31.el7_6.6", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2018-12-17T00:00:00Z"}], "bugzilla": {"description": "ghostscript: Saved execution stacks can leak operator arrays", "id": "1642584", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642584"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-460", "details": ["Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object."], "mitigation": {"lang": "en:us", "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509"}, "name": "CVE-2018-18073", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "ghostscript", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "ghostscript", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "ghostscript", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2018-10-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-18073\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18073"], "statement": "Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Important"}