CVE-2018-10123. An issue was discovered in the C library (libc) in the Linux kernel before 4.18. The C library does not check for an end of input when parsing a malformed ISO 8859-1 (xterm) character sequence, leading to a buffer overflow. This may lead to potential privilege escalation.

CVE-2018-1088. An issue was discovered in the Linux kernel through version 4.18. The keyctl_list_data function does not validate the length of the data argument. This allows a remote attacker to cause a denial of service (buffer over-read) or to possibly execute arbitrary code with root privileges.
Existing installations of LIEF v0.12.1 may have been vulnerable to this issue.

An issue was discovered in the C library (libc) in the Linux kernel. The vfio driver forks a child device that is later connected to the vhost-net device. The device file can be deleted while the child is still being created, which leads to a deadlock and system hang. CVE-2018-5733. An issue was discovered in the Linux kernel through version 4.18. The rds_iw_laddr_check function does not check the rds_iw_laddr structure size, which allows a local attacker to cause a denial of service (system hang) by creating a large network address.
With LIEF v0.

What is Liebert Software?

Liebert Software (LIEF) is a security platform that provides solutions to detect, protect, and respond to threats in real time. LIEF has four main components:
- Liebert Security Center takes care of centralized reporting and management of Threats, Vulnerabilities, Risks, and Key Assets.
- Liebert Security Finder is the in-depth security application that provides information about current threats to organizations.
- Liebert Incident Response is a triage tool that simplifies incident response by automating incident containment and helps managers find ways to resolve incidents quickly.
- Liebert iDAP gives users visibility into what data needs protection to better understand their risk environment.

What is LIEF?

LIEF is an event-driven and lightweight event library written in C++.
It has been designed to be fast, flexible and easy to use.
It can provide robust functionality that can be used in different areas of the system, such as:
Network interfaces
USB devices
File systems
System timers
Physical devices (MPUs)

Timeline

Published on: 10/03/2022 13:15:00 UTC
Last modified on: 10/05/2022 13:04:00 UTC

References