USN-4828-1: librelp vulnerability
First published: Mon Mar 15 2021(Updated: )
It was discovered that librelp did not properly manage x509 certificates, leading to a stack-based buffer overflow. A remote attacker could possibly use this issue to execute arbitrary code.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/librelp0 | <1.2.14-3ubuntu0.1~esm1 | 1.2.14-3ubuntu0.1~esm1 |
| =18.04 | ||
| All of | ||
| ubuntu/librelp0 | <1.2.9-1ubuntu0.1~esm1 | 1.2.9-1ubuntu0.1~esm1 |
| =16.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is USN-4828-1.
What is the severity of USN-4828-1?
The severity of USN-4828-1 is high.
Which software is affected by USN-4828-1?
The librelp0 package with versions 1.2.14-3ubuntu0.1~esm1 and 1.2.9-1ubuntu0.1~esm1 is affected.
How can a remote attacker exploit USN-4828-1?
A remote attacker can exploit USN-4828-1 by using a stack-based buffer overflow to execute arbitrary code.
Where can I find more information about the USN-4828-1 vulnerability?
You can find more information about the USN-4828-1 vulnerability on the Ubuntu Security Notices website.
- agent/severity
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/usn
- source/Ubuntu
- anchor-related/USN-3612-1
- agent/software-canonical-lookup
- agent/event
- agent/title
- agent/tags
- agent/description
- agent/weakness
- agent/references
- agent/trending
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/16.04