CVE-2018-20482

MEDIUM Year: 2018
CVSS v3 Score
4.7
Medium
CVSS v2 Score
1.9
Low
Weakness Type
CWE-835
View all →

Vulnerability Description

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).

Related Vulnerabilities

CVE-2023-4010

MEDIUM
CVSS:4.6(Medium)

A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition ...

CWE-8352023

CVE-2023-50763

MEDIUM
CVSS:4.9(Medium)

A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-...

CWE-8352023

CVE-2024-32886

MEDIUM
CVSS:4.9(Medium)

Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the `vtgate` will go into an endless loop that also keeps consuming memory and eventu...

CWE-8352024

CVE-2016-4453

MEDIUM
CVSS:4.4(Medium)

The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command.

CWE-8352016

CVE-2016-7908

MEDIUM
CVSS:4.4(Medium)

The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to...

CWE-8352016

CVE-2016-7909

MEDIUM
CVSS:4.4(Medium)

The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) ...

CWE-8352016