SB2018033107 - Stack-based buffer overflow in zsh (Alpine package)
Published: March 31, 2018
Security Bulletin ID: SB2018033107
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Denial of service
Description
This security bulletin contains information about 1 security vulnerability.
1) Stack-based buffer overflow (CVE-ID: CVE-2018-1071)
The vulnerability allows a local attacker to cause a denial-of-service (DoS) condition on the target system. The weakness exists in the exec.c:hashcmd() function due to a stack-based buffer overflow. A local attacker can trigger memory corruption and cause the service to crash.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=3a8ed482dcd4247f15f313716e73ffff476ff2ca
- https://git.alpinelinux.org/aports/commit/?id=af2c3849211f5b0c24e2554e5b9ee07a4ad66d03
- https://git.alpinelinux.org/aports/commit/?id=ed5980a756a61aff37036538eb476cd7920fd95f
- https://git.alpinelinux.org/aports/commit/?id=6c6b294b3615b7956885de09d3d094dad970b4a4
- https://git.alpinelinux.org/aports/commit/?id=baffcd5dd15fe505bf73fb6e16d5161eaea18da6
- https://git.alpinelinux.org/aports/commit/?id=8c0f8e44496c04f7f0f64b71170163e7e66717b4
- https://git.alpinelinux.org/aports/commit/?id=9c28202eac2457a216aee765ce009c610f216e8c