Out-of-bounds read in php5 (Alpine package)



Published: 2017-07-07
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2017-9224
CWE-ID CWE-125
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
php5 (Alpine package)
Operating systems & Components / Operating system package or component

Vendor Alpine Linux Development Team

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Out-of-bounds read

EUVDB-ID: #VU7345

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-9224

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists in the mbstring due to stack out-of-bounds read in match_at() during regular expression searching. A remote attacker can trigger a logical error involving order of validation and access in match_at() and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation

Install update from vendor's website.

Vulnerable software versions

php5 (Alpine package): 5.6.30-r0 - 5.6.40-r0


CPE2.3 External links

http://git.alpinelinux.org/aports/commit/?id=4a7ccf578f5caf82b4c9120ac266ff49f245549a
http://git.alpinelinux.org/aports/commit/?id=fa666308ab37b32d9aef124a737b59ebd06a1f7a
http://git.alpinelinux.org/aports/commit/?id=51a3714b5e5cf29bd19d94539add9f98b4a86572
http://git.alpinelinux.org/aports/commit/?id=c85efb30e1a0fd2e5950c1d99484261caa16779c
http://git.alpinelinux.org/aports/commit/?id=5e4dbc0d75238b02e3ad3bd55b5ac3a8b74bab3a
http://git.alpinelinux.org/aports/commit/?id=0bdb67976ff9b2169218a5be5167d7e45f8731ef
http://git.alpinelinux.org/aports/commit/?id=f2c409bcadb97db7ec586e33786caf7534dcb9fc
http://git.alpinelinux.org/aports/commit/?id=1a53597add5f7fe591eb04408ce4c216d5a053a4
http://git.alpinelinux.org/aports/commit/?id=c0c3f19f1930e23311fa082667b07223ee444314
http://git.alpinelinux.org/aports/commit/?id=edfeba70bca7213cd531fdf096a304c973fbf241
http://git.alpinelinux.org/aports/commit/?id=5bc4c8508af2005bd3b07fbc84e18ed4fb6f292c

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###