SB2020052727 - Out-of-bounds write in json-c (Alpine package)
Published: May 27, 2020
Security Bulletin ID
SB2020052727
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds write (CVE-ID: CVE-2020-12762)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the "printbuf_memappend". A remote attacker can create a specially crafted JSON file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=1521ea69211afec5bb5df602fdaa46a386fff560
- https://git.alpinelinux.org/aports/commit/?id=41324979d78576f49133c5a636043f53ea0db823
- https://git.alpinelinux.org/aports/commit/?id=f1c627ea77bf1ce0e01d2683b6c3b71443e800fb
- https://git.alpinelinux.org/aports/commit/?id=f61203451f6117ba48c80f153b51a87f3ee9cc84
- https://git.alpinelinux.org/aports/commit/?id=d378948d72aafb68e0f6ee3abbadfbd33ceda2fa