Unrated severityNVD Advisory· Published Jun 10, 2018· Updated Sep 16, 2024

CVE-2018-12088

Description

S3QL before 2.27 mishandles checksumming, and consequently allows replay attacks in which an attacker who controls the backend can present old versions of the filesystem metadata database as up-to-date, temporarily inject zero-valued bytes into files, or temporarily hide parts of files. This is related to the checksum_basic_mapping function.

Affected products

Jqhph/S3qlinferred
Range: <2.27
Package: https://pypi.org/project/s3ql
S3ql Project/S3qlllm-fuzzy
Range: <2.27

Patches

Vulnerability mechanics

References

bitbucket.org/nikratio/s3ql/commits/85aba5c2d5c81453a73a50ed638adaeef0521020mitrex_refsource_CONFIRM
bitbucket.org/nikratio/s3ql/issues/272/t3_verifypy-test_retrieve-sometimes-failsmitrex_refsource_CONFIRM
groups.google.com/forum/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000