SB2018052012 - NULL pointer dereference in sqlite (Alpine package)
Published: May 20, 2018
Security Bulletin ID
SB2018052012
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2018-8740)
The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.The weakness exists in the build.c and prepare.c source codes files due to NULL pointer dereference. A remote attacker can cause the service to crash.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=91728ec7bae0fc5f0a2669ad3d8edcdb8f37e4ac
- https://git.alpinelinux.org/aports/commit/?id=11eca5b8a2cd0293d87aa138d0d770d5ed7a8633
- https://git.alpinelinux.org/aports/commit/?id=92db8b0b685471815884b704570490e59d09c3b8
- https://git.alpinelinux.org/aports/commit/?id=72ea79317092a5da8c8093aca34210c3c371fddc
- https://git.alpinelinux.org/aports/commit/?id=2139b18fd016ecf402df8e977dff0cb3999d64ff