JVN#46044093
LINE for Windows and LINE for Mac OS vulnerable to denial-of-service (DoS)
Overview
LINE for Windows and LINE for Mac OS contain a denial-of-service (DoS) vulnerability.
Products Affected
- LINE for Windows 4.3.0.724 and earlier
- LINE for Mac OS 4.3.1 and earlier
Description
LINE for Windows and LINE for Mac OS contain a denial-of-service (DoS) vulnerability due to an issue in displaying the Timeline.
Impact
By displaying a specially crafted post in Timeline, the product may be abnormally terminated.
Solution
Update the software
Update to the latest version according to the information provided by the developer.
According to the developer, a part of this vulnerability is fixed on the server side. The developer recommends users to update the application to the latest version.
Vendor Status
| Vendor | Link |
| LINE Corporation | [Security Notice] Fixed Vulnerability in LINE for PC (Windows/Mac OS) |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
| Access Vector(AV) | Local (L) | Adjacent Network (A) | Network (N) |
|---|---|---|---|
| Access Complexity(AC) | High (H) | Medium (M) | Low (L) |
| Authentication(Au) | Multiple (M) | Single (S) | None (N) |
| Confidentiality Impact(C) | None (N) | Partial (P) | Complete (C) |
| Integrity Impact(I) | None (N) | Partial (P) | Complete (C) |
| Availability Impact(A) | None (N) | Partial (P) | Complete (C) |
Credit
Jun Kokatsu of KDDI Singapore Dubai Branch reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2016-1156 |
| JVN iPedia |
JVNDB-2016-000029 |