SB2017031719 - Use-after-free error in mariadb (Alpine package)
Published: March 17, 2017
Security Bulletin ID
SB2017031719
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free error (CVE-ID: CVE-2017-3302)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to use-after-free error in the libmysqlclient.so. A remote attacker can cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=bb3e58d46d4c459703177662c32c9cb954bb06e3
- https://git.alpinelinux.org/aports/commit/?id=28850b3a43930dcaba7ce82fa55bb53853cf412d
- https://git.alpinelinux.org/aports/commit/?id=0af8e020357e06efb024840fcd0c25246bec62db
- https://git.alpinelinux.org/aports/commit/?id=1079181bed96dff7b7fa1d2dc1d5078a74bea57c
- https://git.alpinelinux.org/aports/commit/?id=0e3ca69b1749cd4d06186562a84fb24e7cc4fcaf
- https://git.alpinelinux.org/aports/commit/?id=b50b8e49e231f6726bbc4ffbeb94c0b2d8e51dda
- https://git.alpinelinux.org/aports/commit/?id=417a960f840f84865d1066eceb04f147363cf8a3
- https://git.alpinelinux.org/aports/commit/?id=3c979daea8b4edb2efde9199fe3ef7b4bb31f916