SB2018031416 - Buffer over-read in curl (Alpine package)
Published: March 14, 2018
Security Bulletin ID
SB2018031416
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer over-read (CVE-ID: CVE-2018-1000122)
The vulnerability allows a remote attacker to obtain potentially sensitive information or cause DoS condition.The weakness exists due to buffer over-read. A remote attacker can cause the target application to trigger a buffer copy error in processing RTSP URLs and cause the application to crash or access potentially sensitive information on the target system.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=06d873c35d45649783f1d3393b35034356679424
- https://git.alpinelinux.org/aports/commit/?id=7d31ed74e2b6d74352c9a6f3ab2110c402a28f3a
- https://git.alpinelinux.org/aports/commit/?id=edd0ff244c02b47646e66a1bc5737c6dadee86a5
- https://git.alpinelinux.org/aports/commit/?id=f58c96201b3afe219bd0ba4e66ace7f03452ed29