CVE-2018-1000097

Name: CVE-2018-1000097
Description: Sharutils (unshar command) version 4.15.2 contains a buffer overflow vulnerability in the function looks_like_c_code, at line 75 of the file unshar.c. The buffer containing the input line is not checked, which could lead to code execution. The attack appears to be exploitable when a victim runs the unshar command on a specially crafted file.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DSA-4167-1
Debian Bugs: 893525

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| sharutils (PTS) | jessie, jessie (lts) | 1:4.14-2+deb8u1 | fixed |
| | stretch (security), stretch (lts), stretch | 1:4.15.2-2+deb9u1 | fixed |
| | buster | 1:4.15.2-4 | fixed |
| | bullseye | 1:4.15.2-5 | fixed |
| | sid, trixie, bookworm | 1:4.15.2-9 | fixed |

The information below is based on the following data on fixed versions.

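| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| sharutils | source | wheezy | (not affected) | | | |
| sharutils | source | jessie | 1:4.14-2+deb8u1 | | DSA-4167-1 | |
| sharutils | source | stretch | 1:4.15.2-2+deb9u1 | | DSA-4167-1 | |
| sharutils | source | (unstable) | 1:4.15.2-3 | | | 893525 |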

Notes

[wheezy] - sharutils <not-affected> (Vulnerable code not present)
http://seclists.org/bugtraq/2018/Feb/54
