CVE-2018-1000661

{"id": "CVE-2018-1000661", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2018-09-06T17:29:01.190", "references": [{"url": "https://jsish.org/fossil/jsi/tktview/2adeb066894695b38309d92771aea11c8e0a56a8", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://jsish.org/fossil/jsi/tktview/2adeb066894695b38309d92771aea11c8e0a56a8", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vulnerability in Jsi_LogMsg (jsiUtils.c:196) that can result in Crash due to segmentation fault. This attack appear to be exploitable via the victim executing specially crafted javascript code. This vulnerability appears to have been fixed in 2.4.69."}, {"lang": "es", "value": "jsish 2.4.67 contiene una vulnerabilidad de desreferencia de puntero NULL (CWE-476) en Jsi_LogMsg (jsiUtils.c:196) que puede resultar en un cierre inesperado debido a un fallo de segmentaci\u00f3n. El ataque parece ser explotable si una v\u00edctima ejecuta c\u00f3digo JavaScript especialmente manipulado. La vulnerabilidad parece haber sido solucionada en la versi\u00f3n 2.4.69."}], "lastModified": "2024-11-21T03:40:21.177", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jsish:jsish:2.4.67:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "290043FD-D941-434D-AD6D-A243D6F9F164"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}