cvedb.io
CVE-2018-12088
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2018-06-10T23:29:00.220 · Last modified 2026-06-17T01:37:07.863

Summary

S3QL before 2.27 mishandles checksumming, and consequently allows replay attacks in which an attacker who controls the backend can present old versions of the filesystem metadata database as up-to-date, temporarily inject zero-valued bytes into files, or temporarily hide parts of files. This is related to the checksum_basic_mapping function.

Affected products

s3ql_project — s3ql

Does this affect you?

Add your gear to cvedb and we'll alert you only when s3ql_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.