Incomplete Fix for Heap-Based Buffer Over-read in SIMDComp (CVE-2018-17427)

CVE-2018-17854 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

SIMDComp before 0.1.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) because it can read (and then discard) extra bytes. NOTE: this issue exists because of an incomplete fix for CVE-2018-17427.
