UBUNTU-CVE-2018-1000825

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2018-1000825

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-1000825.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2018-1000825

Related

CVE-2018-1000825

Published

2018-12-20T15:29:00Z

Modified

2025-01-13T10:21:51Z

Severity

10.0 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in FreeColXMLReader parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Freecol file.

References

Affected packages

Ubuntu:Pro:16.04:LTS / freecol

Package

Name: freecol
Purl: pkg:deb/ubuntu/freecol@0.11.6+dfsg-1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.10.7+dfsg-4

0.11.6+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / freecol

Package

Name: freecol
Purl: pkg:deb/ubuntu/freecol@0.11.6+dfsg-2?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.11.6+dfsg-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / freecol

Package

Name: freecol
Purl: pkg:deb/ubuntu/freecol@0.11.6+dfsg2-3?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.11.6+dfsg2-3

Affected versions

0.*

0.11.6+dfsg2-2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.11.6+dfsg2-3",
            "binary_name": "freecol"
        }
    ]
}

Ubuntu:22.04:LTS / freecol

Package

Name: freecol
Purl: pkg:deb/ubuntu/freecol@0.11.6+dfsg2-3?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.11.6+dfsg2-3

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.11.6+dfsg2-3",
            "binary_name": "freecol"
        }
    ]
}