QwikSec

Security Database

CVE

CWE

Training

CVE-2018-12088

Published: Jun 10, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

S3QL before 2.27 mishandles checksumming, and consequently allows replay attacks in which an attacker who controls the backend can present old versions of the filesystem metadata database as up-to-date, temporarily inject zero-valued bytes into files, or temporarily hide parts of files. This is related to the checksum_basic_mapping function.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bitbucket.org/nikratio/s3ql/issues/272/t3_verifypy-test_retrieve-sometimes-fails

x_refsource_CONFIRM

https://groups.google.com/forum/#%21topic/s3ql/4TzCVIMkA4o

x_refsource_CONFIRM

https://bitbucket.org/nikratio/s3ql/commits/85aba5c2d5c81453a73a50ed638adaeef0521020

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.