SB2019080759 - Out-of-bounds write in musl (Alpine package)
Published: August 7, 2019
Security Bulletin ID
SB2019080759
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds write (CVE-ID: CVE-2019-14697)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. A remote attacker can pass specially crafted data to the application, trigger out-of-bounds write and execute arbitrary code on the target system.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=0b6a132efe437682627b71061785505664bafcca
- https://git.alpinelinux.org/aports/commit/?id=0c777cf840e82cdc528651e3f3f8f9dda6b1b028
- https://git.alpinelinux.org/aports/commit/?id=4ab7eba8eb2d8ab2ce3b54a8dc9fe958a8685d1d
- https://git.alpinelinux.org/aports/commit/?id=5842a9a22c792cfddd48e7946f2a406b76f2c6f3
- https://git.alpinelinux.org/aports/commit/?id=c07f44bfbb6aa1722bfc72f99ef20e2fd2a61ee4
- https://git.alpinelinux.org/aports/commit/?id=c37c63ea375ed264cb68f2c4f78777cd5892611f