Main Vulnerability Database SB2019072137

SB2019072137 - Resource management error in libcroco (Alpine package)

Published: July 21, 2019

Security Bulletin ID SB2019072137

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Resource management error (CVE-ID: CVE-2017-8871)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop and CPU consumption in the "cr_parser_parse_selector_core" function, as defined in the "src/cr-parser.c" file . A remote attacker can persuade a user to access a file that submits malicious input to the system and cause a DoS condition.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=53117e88842824a662a82bbaa78ba2cd304de7a4
https://git.alpinelinux.org/aports/commit/?id=1e378edcf6caaa3ed5646459e4c8a47234afa01a
https://git.alpinelinux.org/aports/commit/?id=3753b9e3f39d049e7c6c6664bbed67a0f2bef958
https://git.alpinelinux.org/aports/commit/?id=85c36973699d153bb24ba142388731920ae19b92
https://git.alpinelinux.org/aports/commit/?id=ac4f22e825980b99d4fd80cb49d11ff7be0e3e3a
https://git.alpinelinux.org/aports/commit/?id=fdbea192e0aafd3afbdcd17d061efff9de618664