SB2018022819 - NULL pointer dereference in patch (Alpine package)
Published: February 28, 2018
Security Bulletin ID
SB2018022819
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2018-6951)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in the intuit_diff_type function due to NULL pointer dereference. A remote attacker can cause the service to crash.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=38b6dd1c340446b8eb31aefaf5396ba65ca94369
- https://git.alpinelinux.org/aports/commit/?id=858c1e50bc7b69a652bedc684cf06dd025afeeab
- https://git.alpinelinux.org/aports/commit/?id=88e814fbbdb9a9a335964ae6dac9caa730df1cbf
- https://git.alpinelinux.org/aports/commit/?id=49d0c3b8bdfe17d2b541938002f02c38e5c3855a
- https://git.alpinelinux.org/aports/commit/?id=c1e3fa7f5f3303a13a62d5485d7d3c8cc752ecf3
- https://git.alpinelinux.org/aports/commit/?id=28c10738e9619a419831ff97b63548e7d8827022
- https://git.alpinelinux.org/aports/commit/?id=4310bf3835fa8fd644da776342ec67e394bebd8b
- https://git.alpinelinux.org/aports/commit/?id=58fc65d2b14f59efea945f9dc2dc39d9db45d72e
- https://git.alpinelinux.org/aports/commit/?id=7c67371afe718c4bf2e0d7175a1fc590fe7233b7
- https://git.alpinelinux.org/aports/commit/?id=dc24974d63b7bcb54ae350a7cd1536204f230239