CVE-2018-6758

moderate-risk
Published 2018-02-06

The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length.

Do I need to act?

-
0.55% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: cb4636f7c0af2e97a4eef7a3cdcbd85a71247bfe
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Unbit

References (6)

Issue Tracking http://lists.unbit.it/pipermail/uwsgi/2018-February/008835.html
Patch https://github.com/unbit/uwsgi/commit/cb4636f7c0af2e97a4eef7a3cdcbd85a71247bfe
Third Party Advisory https://lists.debian.org/debian-lts-announce/2018/02/msg00010.html
Issue Tracking http://lists.unbit.it/pipermail/uwsgi/2018-February/008835.html
Patch https://github.com/unbit/uwsgi/commit/cb4636f7c0af2e97a4eef7a3cdcbd85a71247bfe
Third Party Advisory https://lists.debian.org/debian-lts-announce/2018/02/msg00010.html
39
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 2/34 · Minimal
Exposure 5/34 · Minimal