Stack-based buffer overflow in librelp - CVE-2018-1000140
Published: March 28, 2018
Vulnerability identifier: #VU11306
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2018-1000140
CWE-ID: CWE-121
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vendor: Rainer Gerhards
Affected software:
librelp
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to execute arbitrary code on the target system.
The weakness exists in the relpTcpChkPeerName function due to insufficient validation of X.509 certificates and improper checks on a return value. A remote attacker can send a specially crafted X.509 certificate, trigger a stack-based buffer overflow and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
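The kind of return-value check the description refers to, as an added example (not librelp's code and not part of the advisory). It assumes the unchecked value is the result of an accumulating snprintf-style write into a fixed stack buffer, which the advisory does not spell out; the helper names, buffer size and peer names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: append "DNSname: <name>; " to buf.
 * *used = bytes already in buf (excluding the NUL).
 * Returns 0 on success, -1 if the entry does not fit or on output error. */
static int append_name(char *buf, size_t cap, size_t *used, const char *name)
{
    if (*used >= cap)
        return -1;                   /* no room left, refuse before subtracting */
    size_t room = cap - *used;       /* cannot wrap around: *used < cap */
    int n = snprintf(buf + *used, room, "DNSname: %s; ", name);
    if (n < 0)
        return -1;                   /* output error */
    if ((size_t)n >= room) {         /* snprintf returns the WOULD-BE length */
        buf[*used] = '\0';           /* drop the truncated entry */
        return -1;
    }
    *used += (size_t)n;              /* safe: n < room */
    return 0;
}

/* Offset an unchecked "used += snprintf(...)" would end up with, computed
 * without writing anything (a NULL buffer with size 0 is permitted). */
static size_t unchecked_offset(size_t used, const char *name)
{
    int n = snprintf(NULL, 0, "DNSname: %s; ", name);
    return n < 0 ? used : used + (size_t)n;
}

/* Constructed sample input: two peer names against a deliberately small buffer. */
static int demo(void)
{
    char all[32];
    size_t used = 0;
    const char *names[] = { "a.example", "a-much-longer-constructed-name.example" };
    int rejected = 0;
    for (size_t i = 0; i < 2; i++) {
        size_t naive = unchecked_offset(used, names[i]);
        if (append_name(all, sizeof all, &used, names[i]) != 0)
            rejected++;
        printf("checked offset %zu, unchecked would be %zu (cap %zu)\n",
               used, naive, sizeof all);
    }
    return rejected;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

Without the check, the offset moves past the end of the buffer and the next `cap - used` subtraction wraps to a huge unsigned size, so the following write is no longer bounded.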
How to mitigate CVE-2018-1000140
Update to version 1.2.15.