SB2017120746 - Memory leak in samba (Alpine package)
Published: December 7, 2017
Security Bulletin ID
SB2017120746
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Adjecent network
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Memory leak (CVE-ID: CVE-2017-15275)
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to access potentially sensitive information.
The vulnerability exists due to uncleared heap memory is sent to the client. A remote attacker can obtain potentially sensitive information and use it in further attacks.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=6245a2ceb9dc360ca5f8beb4419ea14952923a37
- https://git.alpinelinux.org/aports/commit/?id=009040103407533ea980becb5012c7d386900453
- https://git.alpinelinux.org/aports/commit/?id=9bc23b7dcfc97e7686a3bf86040af5b192e3cd52
- https://git.alpinelinux.org/aports/commit/?id=8b1320cfb5bc14ab3b588a3fb25b4b80d6f4fb39