CVE-2018-18385 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-18385 Interim 1 41 2025-05-01T01:07:27Z current 2021-05-30T14:17:59Z 2025-05-01T01:07:27Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-18385 Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial of service (infinite loop). The loop was caused by the fact that Parser.next_block was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detects any list was not agreeing with the regular expression that detects a specific list type. So the line kept getting pushed back onto the reader, hence causing the loop. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE CaaS Platform 4.5 SUSE Enterprise Storage 7 SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Linux Enterprise Module for Development Tools 15 SP5 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Linux Enterprise Module for Development Tools 15 SP5 SUSE Linux Enterprise Real Time 15 SP2 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Linux Enterprise Module for Development Tools 15 SP5 SUSE Linux Enterprise Server Business Critical Linux 15 SP2 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Linux Enterprise Module for Development Tools 15 SP5 SUSE Manager Proxy 4.1 SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Manager Retail Branch Server 4.1 SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Manager Server 4.1 SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP4 ruby2.1-rubygem-asciidoctor ruby2.5-rubygem-asciidoctor rubygem-asciidoctor rubygem-asciidoctor as a component of SUSE CaaS Platform 4.5 rubygem-asciidoctor as a component of SUSE Enterprise Storage 7 ruby2.5-rubygem-asciidoctor as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS rubygem-asciidoctor as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS ruby2.5-rubygem-asciidoctor as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS rubygem-asciidoctor as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS ruby2.5-rubygem-asciidoctor as a component of SUSE Linux Enterprise Module for Development Tools 15 SP3 rubygem-asciidoctor as a component of SUSE Linux Enterprise Module for Development Tools 15 SP3 ruby2.5-rubygem-asciidoctor as a component of SUSE Linux Enterprise Module for Development Tools 15 SP4 rubygem-asciidoctor as a component of SUSE Linux Enterprise Module for Development Tools 15 SP4 ruby2.5-rubygem-asciidoctor as a component of SUSE Linux Enterprise Module for Development Tools 15 SP5 rubygem-asciidoctor as a component of SUSE Linux Enterprise Module for Development Tools 15 SP5 ruby2.5-rubygem-asciidoctor as a component of SUSE Linux Enterprise Real Time 15 SP2 rubygem-asciidoctor as a component of SUSE Linux Enterprise Real Time 15 SP2 ruby2.5-rubygem-asciidoctor as a component of SUSE Linux Enterprise Server 15 SP2-LTSS rubygem-asciidoctor as a component of SUSE Linux Enterprise Server 15 SP2-LTSS rubygem-asciidoctor as a component of SUSE Linux Enterprise Server Business Critical Linux 15 SP2 ruby2.5-rubygem-asciidoctor as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 rubygem-asciidoctor as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 ruby2.1-rubygem-asciidoctor as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 rubygem-asciidoctor as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 rubygem-asciidoctor as a component of SUSE Manager Proxy 4.1 rubygem-asciidoctor as a component of SUSE Manager Retail Branch Server 4.1 rubygem-asciidoctor as a component of SUSE Manager Server 4.1 Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial of service (infinite loop). The loop was caused by the fact that Parser.next_block was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detects any list was not agreeing with the regular expression that detects a specific list type. So the line kept getting pushed back onto the reader, hence causing the loop. CVE-2018-18385 SUSE CaaS Platform 4.5:rubygem-asciidoctor SUSE Enterprise Storage 7:rubygem-asciidoctor SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:ruby2.5-rubygem-asciidoctor SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:rubygem-asciidoctor SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:ruby2.5-rubygem-asciidoctor SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:rubygem-asciidoctor SUSE Linux Enterprise Module for Development Tools 15 SP3:ruby2.5-rubygem-asciidoctor SUSE Linux Enterprise Module for Development Tools 15 SP3:rubygem-asciidoctor SUSE Linux Enterprise Module for Development Tools 15 SP4:ruby2.5-rubygem-asciidoctor SUSE Linux Enterprise Module for Development Tools 15 SP4:rubygem-asciidoctor SUSE Linux Enterprise Module for Development Tools 15 SP5:ruby2.5-rubygem-asciidoctor SUSE Linux Enterprise Module for Development Tools 15 SP5:rubygem-asciidoctor SUSE Linux Enterprise Real Time 15 SP2:ruby2.5-rubygem-asciidoctor SUSE Linux Enterprise Real Time 15 SP2:rubygem-asciidoctor SUSE Linux Enterprise Server 15 SP2-LTSS:ruby2.5-rubygem-asciidoctor SUSE Linux Enterprise Server 15 SP2-LTSS:rubygem-asciidoctor SUSE Linux Enterprise Server Business Critical Linux 15 SP2:rubygem-asciidoctor SUSE Linux Enterprise Server for SAP Applications 15 SP2:ruby2.5-rubygem-asciidoctor SUSE Linux Enterprise Server for SAP Applications 15 SP2:rubygem-asciidoctor SUSE Manager Proxy 4.1:rubygem-asciidoctor SUSE Manager Retail Branch Server 4.1:rubygem-asciidoctor SUSE Manager Server 4.1:rubygem-asciidoctor moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H