SB2018050907 - Buffer overflow in gnutls (Alpine package)
Published: May 9, 2018
Security Bulletin ID
SB2018050907
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2019-3836)
The vulnerability allows a remote attacker to perform denial of service attack.
The vulnerability exists due to uninitialized pointer access when processing TLS1.3 asynchronous messages. A remote attacker can pass specially crafted asynchronous post-handshake message, trigger memory corruption and perform denial of service attack.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=8cf8b1ca80440667bb00d77c8fdb879231748e74
- https://git.alpinelinux.org/aports/commit/?id=8d1333f083ad221103d350e18192f5b9f02d5fae
- https://git.alpinelinux.org/aports/commit/?id=dbcc36c66155b96dcc492f442827bf7d7e70ff4c
- https://git.alpinelinux.org/aports/commit/?id=4a0c4741e713ac2f2bff164ee6290e2b05b38337
- https://git.alpinelinux.org/aports/commit/?id=bf7ea3ddcb2fbbdd123dc032ad0390f251a53021
- https://git.alpinelinux.org/aports/commit/?id=76044ac91c53d083aafd7f87c0ec5464f5889409
- https://git.alpinelinux.org/aports/commit/?id=2f02bc7f5785389fb0c0cc36af4373031eab4cdf
- https://git.alpinelinux.org/aports/commit/?id=01f27c1c355b7c50b3e68c6348f1d2d3ee27b2e2
- https://git.alpinelinux.org/aports/commit/?id=5fbec35783cdcd6466d659d24270129ee8dd5e4c
- https://git.alpinelinux.org/aports/commit/?id=697b8b651803084fa8049221716ea4cc2caedaf2
- https://git.alpinelinux.org/aports/commit/?id=ff3bd82d90d2e9b5d9ae6eb6bd55659ee8d560ff
- https://git.alpinelinux.org/aports/commit/?id=dcfba7f9908f92103eca3e4ff7adf1e4367544b7