Integer overflow in musl (Alpine package)



Published: 2016-10-20
Risk: Medium
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2016-8859
CWE-ID: CWE-190
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: musl (Alpine package)
Operating systems & Components / Operating system package or component

Vendor: Alpine Linux Development Team

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Integer overflow

EUVDB-ID: #VU27333

Risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-8859

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow when processing a large number of states or tags. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

musl (Alpine package): 1.1.11-r4

External links

http://git.alpinelinux.org/aports/commit/?id=0b6a132efe437682627b71061785505664bafcca
http://git.alpinelinux.org/aports/commit/?id=0c777cf840e82cdc528651e3f3f8f9dda6b1b028
http://git.alpinelinux.org/aports/commit/?id=4ab7eba8eb2d8ab2ce3b54a8dc9fe958a8685d1d
http://git.alpinelinux.org/aports/commit/?id=5842a9a22c792cfddd48e7946f2a406b76f2c6f3
http://git.alpinelinux.org/aports/commit/?id=c07f44bfbb6aa1722bfc72f99ef20e2fd2a61ee4
http://git.alpinelinux.org/aports/commit/?id=c37c63ea375ed264cb68f2c4f78777cd5892611f
http://git.alpinelinux.org/aports/commit/?id=4e5130b47a0ced3613bc1d8abf615d91c27800de
http://git.alpinelinux.org/aports/commit/?id=83cdd9d4a4daa66a2b19930af1f5bd6cfb5ea6eb
http://git.alpinelinux.org/aports/commit/?id=c5ed73ea9b77dba08b343ca203149474d11e9c51
http://git.alpinelinux.org/aports/commit/?id=ee51f150de283e11fbf83aec8aadcdd8e2a0900e
http://git.alpinelinux.org/aports/commit/?id=f1e1f5ef9da08c15051e7de6d6efbc8ce7ded765
http://git.alpinelinux.org/aports/commit/?id=bd0949275e74148623ab216a65b61466de315d1d
http://git.alpinelinux.org/aports/commit/?id=f23c8c854458f4ed03157bba8603ce1248c34d3a


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


