CVE-2018-11698 (High) detected in opennms-opennms-source-24.1.3-1 #90
Description
CVE-2018-11698 - High Severity Vulnerability
Vulnerable Library - opennmsopennms-source-24.1.3-1
A Java based fault and performance management system
Library home page: https://sourceforge.net/projects/opennms/
Found in HEAD commit: 670af802c8765372e61dfe079d47c38298f173e4
Library Source Files (78)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
- /facecreator/node_modules/console-stream/test/static/test-adapter.js
- /facecreator/node_modules/nan/nan_callbacks_pre_12_inl.h
- /facecreator/node_modules/node-sass/src/libsass/src/expand.hpp
- /facecreator/node_modules/node-sass/src/libsass/src/expand.cpp
- /facecreator/node_modules/node-sass/src/sass_types/factory.cpp
- /facecreator/node_modules/js-base64/.attic/test-moment/./yoshinoya.js
- /facecreator/node_modules/node-sass/src/sass_types/boolean.cpp
- /facecreator/node_modules/node-sass/src/libsass/src/util.hpp
- /facecreator/node_modules/node-sass/src/sass_types/value.h
- /facecreator/node_modules/node-sass/src/libsass/src/emitter.hpp
- /facecreator/node_modules/nan/nan_converters_pre_43_inl.h
- /facecreator/node_modules/node-sass/src/callback_bridge.h
- /facecreator/node_modules/node-sass/src/libsass/src/file.cpp
- /facecreator/node_modules/node-sass/src/libsass/src/sass.cpp
- /facecreator/node_modules/nan/nan_persistent_12_inl.h
- /facecreator/node_modules/node-sass/src/libsass/src/operation.hpp
- /facecreator/node_modules/nan/nan_persistent_pre_12_inl.h
- /facecreator/node_modules/node-sass/src/libsass/src/operators.hpp
- /facecreator/node_modules/node-sass/src/libsass/src/constants.hpp
- /facecreator/node_modules/node-sass/src/libsass/src/error_handling.hpp
- /facecreator/node_modules/nan/nan_implementation_pre_12_inl.h
- /facecreator/node_modules/js-base64/.attic/test-moment/./dankogai.js
- /facecreator/node_modules/node-sass/src/custom_importer_bridge.cpp
- /facecreator/node_modules/node-sass/src/libsass/src/parser.hpp
- /facecreator/node_modules/node-sass/src/libsass/src/constants.cpp
- /facecreator/node_modules/node-sass/src/sass_types/list.cpp
- /facecreator/node_modules/node-sass/src/libsass/src/cssize.cpp
- /facecreator/node_modules/node-sass/src/libsass/src/functions.hpp
- /facecreator/node_modules/node-sass/src/libsass/src/util.cpp
- /facecreator/node_modules/node-sass/src/custom_function_bridge.cpp
- /facecreator/node_modules/nan/nan_typedarray_contents.h
- /facecreator/node_modules/node-sass/src/custom_importer_bridge.h
- /facecreator/node_modules/node-sass/src/libsass/src/bind.cpp
- /facecreator/node_modules/nan/nan_json.h
- /facecreator/node_modules/node-sass/src/libsass/src/eval.hpp
- /facecreator/node_modules/nan/nan_converters.h
- /facecreator/node_modules/node-sass/src/libsass/src/backtrace.cpp
- /facecreator/node_modules/node-sass/src/libsass/src/extend.cpp
- /facecreator/node_modules/node-sass/src/sass_context_wrapper.h
- /facecreator/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
- /facecreator/node_modules/node-sass/src/libsass/src/error_handling.cpp
- /facecreator/node_modules/node-sass/src/libsass/src/debugger.hpp
- /facecreator/node_modules/node-sass/src/libsass/src/emitter.cpp
- /facecreator/node_modules/node-sass/src/sass_types/number.cpp
- /facecreator/node_modules/node-sass/src/sass_types/color.h
- /facecreator/node_modules/nan/nan_new.h
- /facecreator/node_modules/node-sass/src/libsass/src/sass_values.cpp
- /facecreator/node_modules/node-sass/src/libsass/src/ast.hpp
- /facecreator/node_modules/node-sass/src/libsass/src/output.cpp
- /facecreator/node_modules/node-sass/src/libsass/src/check_nesting.cpp
- /facecreator/node_modules/node-sass/src/sass_types/null.cpp
- /facecreator/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
- /facecreator/node_modules/node-sass/src/libsass/src/functions.cpp
- /facecreator/node_modules/node-sass/src/libsass/src/cssize.hpp
- /facecreator/node_modules/node-sass/src/libsass/src/prelexer.cpp
- /facecreator/node_modules/node-sass/src/libsass/src/ast.cpp
- /facecreator/node_modules/node-sass/src/libsass/src/to_c.cpp
- /facecreator/node_modules/node-sass/src/libsass/src/to_value.hpp
- /facecreator/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
- /facecreator/node_modules/nan/nan_callbacks.h
- /facecreator/node_modules/node-sass/src/libsass/src/inspect.hpp
- /facecreator/node_modules/node-sass/src/sass_types/color.cpp
- /facecreator/node_modules/node-sass/src/libsass/src/values.cpp
- /facecreator/node_modules/node-sass/src/sass_context_wrapper.cpp
- /facecreator/node_modules/node-sass/src/sass_types/list.h
- /facecreator/node_modules/node-sass/src/libsass/src/check_nesting.hpp
- /facecreator/node_modules/nan/nan_define_own_property_helper.h
- /facecreator/node_modules/js-base64/test/./es5.js
- /facecreator/node_modules/node-sass/src/sass_types/map.cpp
- /facecreator/node_modules/node-sass/src/libsass/src/to_value.cpp
- /facecreator/node_modules/node-sass/src/libsass/src/context.cpp
- /facecreator/node_modules/node-sass/src/sass_types/string.cpp
- /facecreator/node_modules/node-sass/src/libsass/src/sass_context.cpp
- /facecreator/node_modules/node-sass/src/libsass/src/prelexer.hpp
- /facecreator/node_modules/node-sass/src/libsass/src/context.hpp
- /facecreator/node_modules/node-sass/src/sass_types/boolean.h
- /facecreator/node_modules/nan/nan_private.h
- /facecreator/node_modules/node-sass/src/libsass/src/eval.cpp
Vulnerability Details
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
Publish Date: 2018-06-04
URL: CVE-2018-11698
CVSS 3 Score Details (8.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11698
Release Date: 2019-08-06
Fix Resolution: LibSass - 3.6.0
Step up your Open Source Security Game with WhiteSource here