Heap-based buffer overflow in a2ps (Alpine package)
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-6419 |
| CWE-ID | CWE-122 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
a2ps (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Heap-based buffer overflow
EUVDB-ID: #VU11216
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-6419
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow. A remote attacker can send a specially crafted CHM file, trick the victim into opening it and cause the service to crash or execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationInstall update from vendor's website.
Vulnerable software versionsa2ps (Alpine package): 4.14-r0 - 4.14-r6
CPE2.3- cpe:2.3:a:alpine:a2ps_alpine_package:4.14-r0:*:*:*:*:alpine_linux:*:3.6
- cpe:2.3:a:alpine:a2ps_alpine_package:4.14-r6:*:*:*:*:alpine_linux:*:3.6
https://git.alpinelinux.org/aports/commit/?id=da0d0b246154b83e9095a0067cedf086e9ac8c84
https://git.alpinelinux.org/aports/commit/?id=287dc987d0bfa340aa510b11e2ad691a15b5ea4e
https://git.alpinelinux.org/aports/commit/?id=9538615b581d4d5b661a672dc8585be1cb4a3a7f
https://git.alpinelinux.org/aports/commit/?id=df91fb7832ff98522e5cdd6bf086cd854b7a7046
https://git.alpinelinux.org/aports/commit/?id=214cb233279c7ef0221557f24d0d0af79a46d3b7
https://git.alpinelinux.org/aports/commit/?id=3e3519a996d44c6d478d4e1d47cc6360a93da3c3
https://git.alpinelinux.org/aports/commit/?id=39811d78329ec562d9254e27716bacc363c40d72
https://git.alpinelinux.org/aports/commit/?id=730cdcef6901750f4029d4c3b8639ce02ee3ead1
https://git.alpinelinux.org/aports/commit/?id=827fd04bfad64492bbb0e500fd279c4581a71339
https://git.alpinelinux.org/aports/commit/?id=8bb5cf040a288b92806d60059faa2280eacc51f0
https://git.alpinelinux.org/aports/commit/?id=a7829dcaaa29a8fac465195f1f1b0d6250ec9560
https://git.alpinelinux.org/aports/commit/?id=301eedb0a0341293381c93c75ffe85619910bf9a
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
