Stack-based buffer overflow in udisks2 (Alpine package)
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2014-0004 |
| CWE-ID | CWE-121 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
jansson (Alpine package) Operating systems & Components / Operating system package or component libmodplug (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Stack-based buffer overflow
EUVDB-ID: #VU33096
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2014-0004
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing a long mount point. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsjansson (Alpine package): 2.4-r1 - 2.7-r1
libmodplug (Alpine package): 0.8.8.4-r0
CPE2.3- cpe:2.3:o:alpine:jansson_alpine_package:2.4-r1:*:*:*:*:alpine_linux:*:2.4
- cpe:2.3:o:alpine:jansson_alpine_package:2.5-r0:*:*:*:*:alpine_linux:*:2.6
- cpe:2.3:o:alpine:jansson_alpine_package:2.6-r0:*:*:*:*:alpine_linux:*:2.5
- cpe:2.3:o:alpine:libmodplug_alpine_package:0.8.8.4-r0:*:*:*:*:alpine_linux:*:2.3
https://git.alpinelinux.org/aports/commit/?id=776792b10d23c2543b165a90708ff7ba31abef9e
https://git.alpinelinux.org/aports/commit/?id=b6cba7dd92331547c160ab4b4eb39c92411b00ef
https://git.alpinelinux.org/aports/commit/?id=cbff0ff5f94876e87aefd0814189aef4179301fa
https://git.alpinelinux.org/aports/commit/?id=d971b0568a7b216e9d7e6c258bdc572c670dfbff
https://git.alpinelinux.org/aports/commit/?id=2be93bcc8f6b6da8610f39e322749b00bbf1ca74
https://git.alpinelinux.org/aports/commit/?id=5b5067762b1e1fbe90687b68d89980cd6cdfaf41
https://git.alpinelinux.org/aports/commit/?id=66ee68c41439616d5b36c1e950f8b0755d470b3e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
