Unrated severity · NVD Advisory · Published Oct 28, 2018 · Updated Aug 5, 2024
CVE-2018-18751
Description
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.
Affected products
osv-coords, 17 versions:
- pkg:rpm/almalinux/gettext (no CPE), range: < 0.19.8.1-17.el8
- pkg:rpm/almalinux/gettext-common-devel (no CPE), range: < 0.19.8.1-17.el8
- pkg:rpm/almalinux/gettext-devel (no CPE), range: < 0.19.8.1-17.el8
- pkg:rpm/almalinux/gettext-libs (no CPE), range: < 0.19.8.1-17.el8
- pkg:rpm/opensuse/gettext-csharp&distro=openSUSE%20Leap%2015.1 (no CPE), range: < 0.19.8.1-lp151.5.3.1
- pkg:rpm/opensuse/gettext-csharp&distro=openSUSE%20Leap%2015.2 (no CPE), range: < 0.19.8.1-lp152.6.3.1
- pkg:rpm/opensuse/gettext-java&distro=openSUSE%20Leap%2015.1 (no CPE), range: < 0.19.8.1-lp151.5.3.1
- pkg:rpm/opensuse/gettext-java&distro=openSUSE%20Leap%2015.2 (no CPE), range: < 0.19.8.1-lp152.6.3.1
- pkg:rpm/opensuse/gettext-runtime&distro=openSUSE%20Leap%2015.1 (no CPE), range: < 0.19.8.1-lp151.5.3.1
- pkg:rpm/opensuse/gettext-runtime&distro=openSUSE%20Leap%2015.2 (no CPE), range: < 0.19.8.1-lp152.6.3.1
- pkg:rpm/opensuse/gettext-runtime-mini&distro=openSUSE%20Leap%2015.1 (no CPE), range: < 0.19.8.1-lp151.5.3.1
- pkg:rpm/opensuse/gettext-runtime-mini&distro=openSUSE%20Leap%2015.2 (no CPE), range: < 0.19.8.1-lp152.6.3.1
- pkg:rpm/suse/gettext-csharp&distro=SUSE%20Package%20Hub%2015%20SP1 (no CPE), range: < 0.19.8.1-bp151.2.1
- pkg:rpm/suse/gettext-runtime&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 (no CPE), range: < 0.19.8.1-4.8.1
- pkg:rpm/suse/gettext-runtime&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 (no CPE), range: < 0.19.8.1-4.8.1
- pkg:rpm/suse/gettext-runtime&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 0.19.2-3.3.6
- pkg:rpm/suse/gettext-runtime&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 0.19.2-3.3.6
References
- lists.opensuse.org/opensuse-security-announce/2020-08/msg00061.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2020-08/msg00065.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00025.html (mitre, vendor-advisory, x_refsource_SUSE)
- access.redhat.com/errata/RHSA-2019:3643 (mitre, vendor-advisory, x_refsource_REDHAT)
- usn.ubuntu.com/3815-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- usn.ubuntu.com/3815-2/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- github.com/CCCCCrash/POCs/tree/master/Bin/Tools-gettext-0.19.8.1/doublefree (mitre, x_refsource_MISC)
- github.com/CCCCCrash/POCs/tree/master/Bin/Tools-gettext-0.19.8.1/heapcorruption (mitre, x_refsource_MISC)