Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05cWgyLTZmeGctOW00Z84AAUvJ
Open Chinese Convert subject to Denial of Service via Out-of-bounds Read
Open Chinese Convert (OpenCC) 1.0.5 allows attackers to cause a denial of service (segmentation fault) because BinaryDict::NewFromFile in BinaryDict.cpp may have out-of-bounds keyOffset and valueOffset values via a crafted .ocd file.
Permalink: https://github.com/advisories/GHSA-9qh2-6fxg-9m4gJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05cWgyLTZmeGctOW00Z84AAUvJ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
CVSS Score: 5.5
CVSS vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Identifiers: GHSA-9qh2-6fxg-9m4g, CVE-2018-16982
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-16982
- https://github.com/BYVoid/OpenCC/issues/303
- https://github.com/BYVoid/OpenCC/pull/309
- https://github.com/BYVoid/OpenCC/pull/560
- https://github.com/BYVoid/OpenCC/pull/560/commits/e1b8c7949738100e4747dd4109ef1f16e1bd99c4
- https://github.com/BYVoid/OpenCC/commit/4a4f9e58e505fca93605f22363c133df66a91a5e
- https://github.com/advisories/GHSA-9qh2-6fxg-9m4g
Blast Radius: 24.7
Affected Packages
pypi:OpenCC
Dependent packages: 15Dependent repositories: 446
Downloads: 489,060 last month
Affected Version Ranges: < 1.1.2
Fixed in: 1.1.2
All affected versions: 1.1.0, 1.1.1
All unaffected versions: 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7
npm:opencc
Dependent packages: 36Dependent repositories: 70
Downloads: 5,476 last month
Affected Version Ranges: < 1.1.2
Fixed in: 1.1.2
All affected versions: 0.4.0, 0.4.1, 0.4.2, 0.4.3, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.1.0, 1.1.1
All unaffected versions: 1.1.2, 1.1.3