Memory corruption in binutils (Alpine package)
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2018-7569 |
| CWE-ID | CWE-191 CWE-190 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
binutils (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Memory corruption
EUVDB-ID: #VU11090
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-7569
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the dwarf2.c source code file due to the improper processing of crafted Executable and Linkable Format (ELF) files that contain a corrupted DWARF FORM block. A remote attacker can send a specially crafted ELF file, trick the victim into opening it, trigger integer overflow or underflow and cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsbinutils (Alpine package): 2.30-r0 - 2.30-r1
External linkshttp://git.alpinelinux.org/aports/commit/?id=6ffa77ed276860186deb48a68d5690ef90fe54c9
http://git.alpinelinux.org/aports/commit/?id=aa6018e26544159c664d5fc6417a787a34445cee
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
