Heap-based buffer overflow in linux-firmware (Alpine package)

1) Heap-based buffer overflow

EUVDB-ID: #VU10377

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-17969

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method. A remote attacker can trick the victim into opening a specially crafted ZIP archive, trigger memory corruption and out-of-bounds write execute arbitrary code with privileges of the current user.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

linux-firmware (Alpine package): All versions

CPE2.3

• cpe:2.3:a:alpine:linux-firmware_alpine_package:*:*:*:*:*:alpine_linux:*:3.8

External links

https://git.alpinelinux.org/aports/commit/?id=8534c21265a404ef97e1d534101899b1abd43fe1
https://git.alpinelinux.org/aports/commit/?id=d2bfb22c8e8f67ad7d8d02704f35ec4d2a19f9b9
https://git.alpinelinux.org/aports/commit/?id=8df17e769fc14be8892c248aa366ad2b872a838e
https://git.alpinelinux.org/aports/commit/?id=b7d5c1819012bd9304cba1ea3d1687e389fa2f5e
https://git.alpinelinux.org/aports/commit/?id=916b50fbdafda4e285e59c6b59805040daee9fce
https://git.alpinelinux.org/aports/commit/?id=1e3620e1d6ab6cfff0d1ebe4600ddc44e5aa614e
https://git.alpinelinux.org/aports/commit/?id=2c5e07e07d00696e93c338f61e2879e2b12a2172

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.