trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds read.

- update to 3.2.2

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Fix for CVE-2018-14447.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An out of bound read was discoverd in libConfuse, a configuration file parser library.

CVE-2018-14447

An out of bound read in trim_whitespace, fixed thanks to Sebastian Roland <seroland86@gmail.com>.

For Debian 8 'Jessie', this problem has been fixed in version 2.7-5+deb8u1.

We recommend that you upgrade your confuse packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
122108	Fedora 28 : mingw-libconfuse (2019-a8f918005c)	Nessus	Fedora Local Security Checks	high
122107	Fedora 29 : mingw-libconfuse (2019-9ccbbfeae1)	Nessus	Fedora Local Security Checks	high
120737	Fedora 29 : libconfuse (2018-b9abc6acde)	Nessus	Fedora Local Security Checks	high
120522	Fedora 28 : libconfuse (2018-713f4ce1c7)	Nessus	Fedora Local Security Checks	high
119107	Fedora 27 : libconfuse (2018-291f75cf0f)	Nessus	Fedora Local Security Checks	high
111983	Debian DLA-1470-1 : confuse security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2018-14447

high

Tenable Plugins

high

high

high

high

high

high