Double Free in patch (Alpine package)

1) Double Free

EUVDB-ID: #VU18323

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-6952

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing untrusted input within the another_hunk() function in pch.c. A remote attacker can create a specially crafted file, trick the victim into using in with the affected application, trigger a double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

patch (Alpine package): 2.7.5-r3

CPE2.3

• cpe:2.3:o:alpine:patch_alpine_package:2.7.5-r3:*:*:*:*:alpine_linux:*:3.6

External links

https://git.alpinelinux.org/aports/commit/?id=a7c5a8cafae8eb123b5026d0c83f1af99caac728
https://git.alpinelinux.org/aports/commit/?id=f1460ec84b8cffa5d8fa79602ad97642452e5e5c
https://git.alpinelinux.org/aports/commit/?id=38b6dd1c340446b8eb31aefaf5396ba65ca94369
https://git.alpinelinux.org/aports/commit/?id=858c1e50bc7b69a652bedc684cf06dd025afeeab
https://git.alpinelinux.org/aports/commit/?id=88e814fbbdb9a9a335964ae6dac9caa730df1cbf
https://git.alpinelinux.org/aports/commit/?id=49d0c3b8bdfe17d2b541938002f02c38e5c3855a

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.