SB2018100816 - Out-of-bounds write in libx11 (Alpine package)
Published: October 8, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Out-of-bounds write (CVE-ID: CVE-2018-14600)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to out-of-bounds write when handling malicious input. A remote unauthenticated attacker can trick the victim into opening a specially crafted data, trigger memory corruption and execute arbitrary code on the target X client.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=96b4ffd87fea35a16d73bdf288b2dcbe5d15bc82
- https://git.alpinelinux.org/aports/commit/?id=bcd0f76d147745372d23b1840ff44b000c95bd81
- https://git.alpinelinux.org/aports/commit/?id=d7c441ba3f0fdfc555c09ca51f315ba46459eaa4
- https://git.alpinelinux.org/aports/commit/?id=e9064e9114d515f0f789828a1b8c7390c135f541
- https://git.alpinelinux.org/aports/commit/?id=f673b89cd43dc3fe12a443558e82318ed03fb6ef