CVE-2019-11476: Integer overflow in whoopsie results in out-of-bounds heap write
First published: Thu Aug 29 2019(Updated: )
An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a heap allocated buffer when processing large crash dumps. This results in a crash or possible code-execution in the context of the whoopsie process.
Credit: security@ubuntu.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubuntu Linux | =16.04 | |
| Ubuntu Linux | =18.04 | |
| Ubuntu Linux | =18.10 | |
| Ubuntu Linux | =19.04 | |
| Ubuntu | =16.04 | |
| Ubuntu | =18.04 | |
| Ubuntu | =18.10 | |
| Ubuntu | =19.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html
- https://bugs.launchpad.net/ubuntu/%2Bsource/whoopsie/%2Bbug/1830863
- https://usn.ubuntu.com/4052-1/
- https://security-tracker.debian.org/tracker/CVE-2019-11476
- https://launchpad.net/bugs/cve/CVE-2019-11476
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11476
- https://nvd.nist.gov/vuln/detail/CVE-2019-11476
- https://ubuntu.com/security/CVE-2019-11476
Frequently Asked Questions
What is the severity of CVE-2019-11476?
The severity of CVE-2019-11476 is classified as critical due to the potential for code execution resulting from an integer overflow.
How do I fix CVE-2019-11476?
To fix CVE-2019-11476, update whoopsie to version 0.2.52.5ubuntu0.1 or later for Ubuntu 16.04, version 0.2.62ubuntu0.1 or later for Ubuntu 18.04, version 0.2.64ubuntu0.1 or later for Ubuntu 18.10, or version 0.2.66 or later for Ubuntu 19.04.
Which versions of Ubuntu are affected by CVE-2019-11476?
Affected versions include Ubuntu 16.04 LTS, 18.04 LTS, 18.10, and 19.04.
What type of vulnerability is CVE-2019-11476?
CVE-2019-11476 is an integer overflow vulnerability that can lead to an out-of-bounds write.
What is the potential impact of CVE-2019-11476?
The potential impact of CVE-2019-11476 includes application crashes and possible code execution in the context of the affected service.
- agent/type
- collector/security-tracker-debian
- source/Debian
- collector/launchpad-cve
- source/Launchpad
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/title
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/author
- collector/nvd-index
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/16.04
- version/ubuntu linux/18.04
- version/ubuntu linux/18.10
- version/ubuntu linux/19.04
- canonical/ubuntu
- version/ubuntu/16.04
- version/ubuntu/18.04
- version/ubuntu/18.10
- version/ubuntu/19.04