Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2018-18585 |
CWE-ID | CWE-476 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
libmspack (Alpine package) Operating systems & Components / Operating system package or component |
Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU15908
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-18585
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to the chmd_read_headers function, as defined in the mspack/chmd.c source code file of the affected software, accepts filenames that have embedded NULL bytes. A remote attacker can trick the victim into accessing a Compiled HTML (CHM) file that submits malicious input to the targeted system, trigger NULL pointer dereference and cause the service to crash.
MitigationInstall update from vendor's website.
Vulnerable software versionslibmspack (Alpine package): 0.7.1_alpha-r0 - 0.8_alpha-r0-r0
External linkshttp://git.alpinelinux.org/aports/commit/?id=7b7625a81b8571398c20ac7e40ff345e3dfe118c
http://git.alpinelinux.org/aports/commit/?id=a80261c4dde42201d0c53b6f7297c02b2b441827
http://git.alpinelinux.org/aports/commit/?id=d1f9356cc16b987133023ad09713a9df00127e16
http://git.alpinelinux.org/aports/commit/?id=47362d38b04fa0174cb5db3d5ad497bb08657843
http://git.alpinelinux.org/aports/commit/?id=3a49d88a9384e72b92ad518a7f8cf56dfe1c4513
http://git.alpinelinux.org/aports/commit/?id=6f862b5f45d6e18068d8e26af441f403f4444e6e
http://git.alpinelinux.org/aports/commit/?id=c9b4a96edd80dfc0ae4bd6d76202612f6bbd42d7
http://git.alpinelinux.org/aports/commit/?id=e59fb2371eb8b367558761b562b73e8b1935e498
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.