SB2019072933 - Out-of-bounds read in libebml (Alpine package)
Published: July 29, 2019
Security Bulletin ID
SB2019072933
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2019-13615)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in EbmlElement::FindNextElement. A remote attacker can perform a denial of service attack.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=b810fa4ee9d4bacadcaf1ccee7d6bf77558114b1
- https://git.alpinelinux.org/aports/commit/?id=68e8e5a367951a4d6f0ed3385521b11ddfc33b86
- https://git.alpinelinux.org/aports/commit/?id=58bab36c06a47119178482ffb0379ab53fe220d6
- https://git.alpinelinux.org/aports/commit/?id=86cb13bd338f8f4a3c69e861d77fbe8140ce5335
- https://git.alpinelinux.org/aports/commit/?id=058d0e6ce2a23a4d6c41cbbdad023451c3088488
- https://git.alpinelinux.org/aports/commit/?id=349bff0f7a1f1816f88cad8613a1667459c5cebd
- https://git.alpinelinux.org/aports/commit/?id=85b74d7f9b430b3190a34443d9155369e5ab4663
- https://git.alpinelinux.org/aports/commit/?id=8bcd5bc463d358d8325127ede13366aac5a75d05