Main Vulnerability Database SB2017021720

SB2017021720 - Input validation error in expat (Alpine package)

Published: February 17, 2017

Security Bulletin ID SB2017021720

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2016-5300)

The vulnerability allows context-dependent attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (CPU consumption) via crafted identifiers in an XML document.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=3398d0ddc84d9ea72d7d1148f3b2d6f68fcc3fb9
https://git.alpinelinux.org/aports/commit/?id=cf9050ddbc5aa756ba9d85f58bd9a2ab28141a61
https://git.alpinelinux.org/aports/commit/?id=f601fbb6d0b7568c0b3c2c9e59c19d57bb89c6a4