SB2019050310 - Input validation error in znc (Alpine package)
Published: May 3, 2019
Security Bulletin ID
SB2019050310
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2019-9917)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted message in incorrect encoding and cause the application to crash.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=9f597246c67939eeee73b2e42c904193c37d14b1
- https://git.alpinelinux.org/aports/commit/?id=5524d0802e01fb342f5903cf764bc02a3cf001e0
- https://git.alpinelinux.org/aports/commit/?id=bbe0e7a47c997626ab5531f35346431f28b947bd
- https://git.alpinelinux.org/aports/commit/?id=5ba4ab63dba572def02e384a6ce330f7fe18aaf7
- https://git.alpinelinux.org/aports/commit/?id=31a764089f1e1bb0df223c191bfea1d1ae51ca7f
- https://git.alpinelinux.org/aports/commit/?id=16956b90ab430f1836112c44807b832d8f520760
- https://git.alpinelinux.org/aports/commit/?id=0fec0a0abada9125f1b853d55225ac39a0b3da5c