CVE-2018-14939

{"id": "CVE-2018-14939", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2018-08-05T18:29:00.207", "references": [{"url": "http://www.securityfocus.com/bid/105047", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://bugs.documentfoundation.org/show_bug.cgi?id=118514", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site."}, {"lang": "es", "value": "La funci\u00f3n get_app_path en desktop/unx/source/start.c en LibreOffice hasta la versi\u00f3n 6.0.5 gestiona de manera incorrecta la funci\u00f3n realpath en ciertos entornos, como FreeBSD libc, lo que podr\u00eda permitir que atacantes provoquen una denegaci\u00f3n de servicio (desbordamiento de b\u00fafer y cierre inesperado de la aplicaci\u00f3n) o, posiblemente, otro tipo de impacto sin especificar si se inicia autom\u00e1ticamente LibreOffice durante la navegaci\u00f3n web con nombres de ruta controlados por un sitio web remoto."}], "lastModified": "2018-10-17T20:10:58.330", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16FF2024-BE89-4EFA-8CFB-BB3CBFB1F1C1", "versionEndIncluding": "6.0.5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}