Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2018-14682 |
CWE-ID | CWE-121 |
Exploitation vector | Local |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software Subscribe |
clamav (Alpine package) Operating systems & Components / Operating system package or component |
Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU14160
Risk: Low
CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-14682
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The vulnerability exists due to stack-based buffer overflow in the tolower macro, as defined in the mspack/chmd.c source code file. A local attacker can send a specially crafted request that submits malicious input, trigger memory corruption and cause the service to crash.
MitigationInstall update from vendor's website.
Vulnerable software versionsclamav (Alpine package): 0.97.3-r0 - 0.100.1-r1
External linkshttp://git.alpinelinux.org/aports/commit/?id=5412962cc2f34d4bb2f2996918e1384eda223946
http://git.alpinelinux.org/aports/commit/?id=b34c6efbc0f5941d4099a372533f14885013e380
http://git.alpinelinux.org/aports/commit/?id=be88110b3119e3783d97ab6f259ad7b346dc6203
http://git.alpinelinux.org/aports/commit/?id=fdb3e21e9339a763b32a76726cb3ee43fd4e8772
http://git.alpinelinux.org/aports/commit/?id=16c239033cd6df0b08dd57960724a9940cceba82
http://git.alpinelinux.org/aports/commit/?id=214cb233279c7ef0221557f24d0d0af79a46d3b7
http://git.alpinelinux.org/aports/commit/?id=3e3519a996d44c6d478d4e1d47cc6360a93da3c3
http://git.alpinelinux.org/aports/commit/?id=babf8851105592d4bc46ac85ef56f396f9e76c9f
http://git.alpinelinux.org/aports/commit/?id=c854dba4b5bde88f1673002621ab2bb8e0f66d4b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.