AZL-41848

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-41848.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-41848

Upstream

CVE-2018-1000216

Published

2018-08-20T20:29:00Z

Modified

2026-04-21T04:29:20.840343Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2018-1000216 affecting package libglvnd for versions less than 1.7.0-2

Details

Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, depending on how cJSON library is used this could be either local or over a network. This vulnerability appears to have been fixed in 1.7.3.

References

https://nvd.nist.gov/vuln/detail/CVE-2018-1000216

Affected packages

Azure Linux:3 / libglvnd

Package

Name: libglvnd
Purl: pkg:rpm/azure-linux/libglvnd

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.7.0-2

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-41848.json"