SB2018052912 - Improper input validation in git (Alpine package)
Published: May 29, 2018
Security Bulletin ID
SB2018052912
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper input validation (CVE-ID: CVE-2018-11233)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to input validation flaw in processing path names on NTFS-based systems. A remote attacker can supply specially crafted path names and read random memory contents.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=ea3990cd0687edafc25536e68714ea13337c5e51
- https://git.alpinelinux.org/aports/commit/?id=91e3602c316e1e7e7ef150e9f98a386925552239
- https://git.alpinelinux.org/aports/commit/?id=a12cc12667b5ffe101c16534806dce817f5e8e32
- https://git.alpinelinux.org/aports/commit/?id=58b4a531b78ab8c0f877521a48ff6c54980277ff
- https://git.alpinelinux.org/aports/commit/?id=8c7a4f5f107698302d67ba95d8ebf5022855e045
- https://git.alpinelinux.org/aports/commit/?id=e0ee9a69e833dd498d3d25896fdf2da136367e14
- https://git.alpinelinux.org/aports/commit/?id=e5c4b4ca61e14d21c86912b5bd7a4908049fb4d1
- https://git.alpinelinux.org/aports/commit/?id=6afe8a2fd5cf1fa95844bcb4ac67faf94610eb26
- https://git.alpinelinux.org/aports/commit/?id=e0fb9baaeeef25cddfce12cf8e7d3c09e93e05ee