Integer overflow in Debian Linux - CVE-2017-6308
Published: February 24, 2017 / Updated: August 8, 2020
Vulnerability identifier: #VU39636
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-6308
CWE-ID: CWE-190
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Debian
Affected software:
Debian Linux
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation.
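The bug class described above (CWE-190 in an allocation wrapper), shown as an added illustration; this is not code from tnef or from the advisory, and the function names `alloc_size_unchecked`, `mul_size_checked` and `alloc_array_checked` are hypothetical. It contrasts a size computation that silently wraps with a wrapper that rejects the request before allocating.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked pattern: num * size wraps modulo SIZE_MAX + 1, so the
 * allocation can be far smaller than the caller believes. Later writes
 * sized by `num` elements then run past the end of the heap buffer. */
size_t alloc_size_unchecked(size_t num, size_t size)
{
    return num * size;
}

/* Returns 0 and stores the product in *out, or -1 if it would overflow. */
int mul_size_checked(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return -1;
    *out = a * b;
    return 0;
}

/* Hardened wrapper: refuses any request whose byte count cannot be
 * represented, instead of allocating a truncated buffer. */
void *alloc_array_checked(size_t num, size_t size)
{
    size_t total;
    void *p;

    if (mul_size_checked(num, size, &total) != 0)
        return NULL;
    p = malloc(total ? total : 1);
    if (p != NULL)
        memset(p, 0, total);
    return p;
}

int main(void)
{
    /* Constructed input: an element count taken from an untrusted header. */
    size_t num = SIZE_MAX / 2 + 1, size = 2;
    void *p = alloc_array_checked(num, size);

    printf("unchecked byte count: %zu\n", alloc_size_unchecked(num, size));
    printf("checked wrapper: %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```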
How to mitigate CVE-2017-6308
Install the update from the vendor's website.
Sources
- http://www.debian.org/security/2017/dsa-3798
- http://www.securityfocus.com/bid/96427
- https://github.com/verdammelt/tnef/blob/master/ChangeLog
- https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176
- https://security.gentoo.org/glsa/201708-02
- https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/