Out-of-bounds write in cabextract (Alpine package)
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2018-18584 |
| CWE-ID | CWE-787 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
cabextract (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Out-of-bounds write
EUVDB-ID: #VU15530
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-18584
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.
The vulnerability exists in the mspack/cab.h source code file due to Microsoft cabinet file (CAB) with a Quantum-compressed block of exactly 38,912 B will write 1 B beyond the end of the input buffer. when handling malicious input. A remote unauthenticated attacker can trick the victim into accessing of a CAB file that submits malicious input to the targeted system, trigger an out-of-bounds write condition and cause the application to crash or execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionscabextract (Alpine package): 1.2-r0 - 1.7-r0
cabextract (Alpine package):
External linkshttp://git.alpinelinux.org/aports/commit/?id=7b7625a81b8571398c20ac7e40ff345e3dfe118c
http://git.alpinelinux.org/aports/commit/?id=a80261c4dde42201d0c53b6f7297c02b2b441827
http://git.alpinelinux.org/aports/commit/?id=d1f9356cc16b987133023ad09713a9df00127e16
http://git.alpinelinux.org/aports/commit/?id=47362d38b04fa0174cb5db3d5ad497bb08657843
http://git.alpinelinux.org/aports/commit/?id=41ab224df12b8487004a1522b4f671680c082954
http://git.alpinelinux.org/aports/commit/?id=3e81c78c41ae5247fda18a07e5186837952f48e0
http://git.alpinelinux.org/aports/commit/?id=44680c6a146adc9a0693dee25a3ee2c8ee1c0454
http://git.alpinelinux.org/aports/commit/?id=e8f847c14d6cb2d5b5143f9c3bcba2909cc97f12
http://git.alpinelinux.org/aports/commit/?id=29090376740960c8fddad4dcfb79f3c483c09de3
http://git.alpinelinux.org/aports/commit/?id=83b5b66bc9ae967c7b0661e8e6f554f3885a131a
http://git.alpinelinux.org/aports/commit/?id=4526ec8f4aeea391047b32250ad474d58451c9e5
http://git.alpinelinux.org/aports/commit/?id=4edf9b0a6836a75eaabe7e1f1cbd0c0238cb15f0
http://git.alpinelinux.org/aports/commit/?id=754798d284c11d83e7599ce5e4e0caba33700058
http://git.alpinelinux.org/aports/commit/?id=fc7bb618072f1aabf4ffcb4db9fe492317d4a723
http://git.alpinelinux.org/aports/commit/?id=3a49d88a9384e72b92ad518a7f8cf56dfe1c4513
http://git.alpinelinux.org/aports/commit/?id=6f862b5f45d6e18068d8e26af441f403f4444e6e
http://git.alpinelinux.org/aports/commit/?id=c9b4a96edd80dfc0ae4bd6d76202612f6bbd42d7
http://git.alpinelinux.org/aports/commit/?id=e59fb2371eb8b367558761b562b73e8b1935e498
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
