#VU16613 Buffer overflow in Red Hat Enterprise Linux for x86_64
Vulnerability identifier: #VU16613
Vulnerability risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-120
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Red Hat Enterprise Linux for x86_64
Operating systems & Components /
Operating system
Vendor: Red Hat Inc.
Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to boundary error when handling malicious input. A remote unauthenticated attacker can supply specially crafted input, trigger memory corruption and assertion error when debug log level is 10 to cause the service to crash.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Red Hat Enterprise Linux for x86_64: 5 - 7.0
External links
http://access.redhat.com/security/cve/cve-2018-5742
http://www.openwall.com/lists/oss-security/2018/12/19/6
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
