CVE-2018-12088
Last modified
CVE-2018-12088 is a vulnerability of currently unknown severity. S3QL before 2.27 mishandles checksumming, and consequently allows replay attacks in which an attacker who controls the backend can present old versions of the filesystem metadata database as up-to-date, temporarily inject zero-valued bytes into files, or temporarily hide parts of files. This is related to the checksum_basic_mapping function. EPSS estimates a 1.88% chance of exploitation in the next 30 days.
Description
S3QL before 2.27 mishandles checksumming, and consequently allows replay attacks in which an attacker who controls the backend can present old versions of the filesystem metadata database as up-to-date, temporarily inject zero-valued bytes into files, or temporarily hide parts of files. This is related to the checksum_basic_mapping function.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| S3ql Project | S3ql | < 2.27 |
References
- https://bitbucket.org/nikratio/s3ql/commits/85aba5c2d5c81453a73a50ed638adaeef0521020 (Patch, Third Party Advisory)
- https://bitbucket.org/nikratio/s3ql/issues/272/t3_verifypy-test_retrieve-sometimes-fails (Exploit, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
