CVE-2018-12088
- Source
- https://cve.org/CVERecord?id=CVE-2018-12088
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-12088.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-12088
- Downstream
- Published
- 2018-06-10T23:29:00.220Z
- Modified
- 2026-04-10T04:04:48.874030Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
S3QL before 2.27 mishandles checksumming, and consequently allows replay attacks in which an attacker who controls the backend can present old versions of the filesystem metadata database as up-to-date, temporarily inject zero-valued bytes into files, or temporarily hide parts of files. This is related to the checksumbasicmapping function.
- References
Affected packages
Git / github.com/s3ql/s3ql
Affected versions
Other
alpha3
alpha4
dev-release-1.*
dev-release-1.1
dev-release-1.1.2
dev-release-1.1.3
dev-release-1.1.4
release-0.*
release-0.1
release-0.10
release-0.11
release-0.13
release-0.14
release-0.15
release-0.16
release-0.17
release-0.18
release-0.19
release-0.2
release-0.20
release-0.20.1
release-0.21
release-0.24
release-0.25
release-0.26
release-0.27
release-0.28
release-0.29
release-0.3
release-0.30
release-0.4
release-0.43
release-0.5
release-0.6
release-0.7
release-0.8
release-0.9
release-1.*
release-1.10
release-1.11
release-1.11.1
release-1.12
release-1.13
release-1.13.1
release-1.13.2
release-1.14
release-1.2
release-1.3
release-1.4
release-1.7
release-1.8
release-1.8.1
release-1.9
release-2.*
release-2.0b
release-2.10
release-2.10.1
release-2.11
release-2.11.1
release-2.12
release-2.13
release-2.14
release-2.15
release-2.16
release-2.17
release-2.17.1
release-2.18
release-2.19
release-2.1b
release-2.2
release-2.20
release-2.21
release-2.22
release-2.23
release-2.24
release-2.25
release-2.26
release-2.3
release-2.4
release-2.5
release-2.6
release-2.7
release-2.8
release-2.8.1
release-2.9