SB2018112744 - Null pointer dereference in libmspack (Alpine package)
Published: November 27, 2018
Security Bulletin ID
SB2018112744
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Null pointer dereference (CVE-ID: CVE-2018-18585)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to the chmd_read_headers function, as defined in the mspack/chmd.c source code file of the affected software, accepts filenames that have embedded NULL bytes. A remote attacker can trick the victim into accessing a Compiled HTML (CHM) file that submits malicious input to the targeted system, trigger NULL pointer dereference and cause the service to crash.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=7b7625a81b8571398c20ac7e40ff345e3dfe118c
- https://git.alpinelinux.org/aports/commit/?id=a80261c4dde42201d0c53b6f7297c02b2b441827
- https://git.alpinelinux.org/aports/commit/?id=d1f9356cc16b987133023ad09713a9df00127e16
- https://git.alpinelinux.org/aports/commit/?id=47362d38b04fa0174cb5db3d5ad497bb08657843
- https://git.alpinelinux.org/aports/commit/?id=3a49d88a9384e72b92ad518a7f8cf56dfe1c4513
- https://git.alpinelinux.org/aports/commit/?id=6f862b5f45d6e18068d8e26af441f403f4444e6e
- https://git.alpinelinux.org/aports/commit/?id=c9b4a96edd80dfc0ae4bd6d76202612f6bbd42d7
- https://git.alpinelinux.org/aports/commit/?id=e59fb2371eb8b367558761b562b73e8b1935e498