suse · CVE-2018-16744

Quick triage

Priority: low Published: 2021-05-30 14:16:44 UTC Updated: 2025-05-17 23:28:57 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2018-16744 severity low: SUSE including 15 source package names (g3utils-1.1.36-28.3.1, g3utils-1.1.36-58.3.1, …), 55 product×package rows across 30 product lines (SUSE Linux Enterprise Desktop 12 SP3, SUSE Linux Enterprise Desktop 12 SP4, … (30 product lines)): Fixed 55.

Description:

An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used.

cvelogic Threat Intelligence