Stack out-of-bounds read in file (Alpine package)

1) Stack out-of-bounds read

EUVDB-ID: #VU17829

Risk: Low

CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-8904

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to stack-based buffer over-read in the do_core_note function, as defined in the readelf.c source code file. A remote attacker can trick the victim into executing a file that submits malicious input to the targeted system with the file command, trigger memory corruption and gain access to arbitrary data or perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

file (Alpine package): 5.35-r0

External links

http://git.alpinelinux.org/aports/commit/?id=6d181d271ac91ff2d8302855abd03d6a2be5dc27
http://git.alpinelinux.org/aports/commit/?id=9e177e38d94223a06ed62c20ac5ba1e4c0fecf1c
http://git.alpinelinux.org/aports/commit/?id=dc538f4f70353a02d01dac905fb662412befffbe
http://git.alpinelinux.org/aports/commit/?id=33bd61f256dd1826d6a7df5ebb8a9e2fc1125ce1
http://git.alpinelinux.org/aports/commit/?id=867138742023dde9397648e41743a9173432a7b2
http://git.alpinelinux.org/aports/commit/?id=8b903beb77c68c97ba0aa36e58b6750edc06ca78
http://git.alpinelinux.org/aports/commit/?id=27d87cf2365bff16337278a4e93a16df7f33f2e4

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.