SB2017042516 - Buffer overflow in weechat (Alpine package)
Published: April 25, 2017
Security Bulletin ID
SB2017042516
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2017-8073)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to buffer overflow. A remote attacker can send a specially crafted filename via DCC and cause the service to crash.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=3fb2fc4015bfd428e88e89710c3dd89db7d42b82
- https://git.alpinelinux.org/aports/commit/?id=e0d9cb9d6eeb3d5b4e27c091209acedef80f1d9a
- https://git.alpinelinux.org/aports/commit/?id=691f67170e02f0f5f18fb9ccc8ad18eb90708984
- https://git.alpinelinux.org/aports/commit/?id=b57c7764e5e29c3067e38b4b7effa1bd9568fbbb
- https://git.alpinelinux.org/aports/commit/?id=e41383392d2d39602894cf23b808254c34690c40
- https://git.alpinelinux.org/aports/commit/?id=fab6af549d1213f601df6bc7fe0a9aa487ceae72
- https://git.alpinelinux.org/aports/commit/?id=19098c30e6add7847adda7ed8d1e831e32df684b
- https://git.alpinelinux.org/aports/commit/?id=3af7b179e2ed89205d81e4c3febeec9b6cc5310f