CVE-2018-15173

Name
CVE-2018-15173
Description
Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted TCP-based service.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Exploit http://code610.blogspot.com/2018/07/crashing-nmap-770.html
Exploit http://code610.blogspot.com/2018/07/crashing-nmap-760.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00067.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00075.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00073.html
CONFIRM https://security.netapp.com/advisory/ntap-20200827-0004/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:nmap:nmap:*:*:*:*:*:*:*:* nmap >= None <= 7.70

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
nmap edge-main 7.80-r0 None fixed
nmap 3.22-main 7.80-r0 None fixed
nmap 3.21-main 7.80-r0 None fixed
nmap 3.20-main 7.80-r0 None fixed
nmap 3.19-main 7.80-r0 None fixed
nmap 3.18-main 7.80-r0 None fixed
nmap 3.17-main 7.80-r0 None fixed
nmap 3.12-main 7.80-r0 None fixed
nmap 3.11-main 7.80-r0 None fixed
nmap 3.10-main 7.70-r4 Leonardo Arena <rnalrd@alpinelinux.org> fixed