[Japanese]

JVNDB-2016-000029

LINE for Windows and LINE for Mac OS vulnerable to denial-of-service (DoS)

Overview

LINE for Windows and LINE for Mac OS contain a denial-of-service (DoS) vulnerability due to an issue in displaying the Timeline.

Jun Kokatsu of KDDI Singapore Dubai Branch reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

Base Metrics: 4.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: Single Instance
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Partial

CVSS V3 Severity:
Base Metrics: 3.5 (Low) [IPA Score]
  • Access Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Low
Affected Products


LINE Corporation
  • LINE for Windows 4.3.0.724 and earlier
  • LINE for Mac OS 4.3.1 and earlier

Impact

By displaying a specially crafted post in Timeline, the product may be abnormally terminated.
Solution

[Update the software]
Update to the latest version according to the information provided by the developer.

According to the developer, a part of this vulnerability is fixed on the server side. The developer recommends users to update the application to the latest version.
Vendor Information

LINE Corporation
CWE (What is CWE?)

  1. No Mapping(CWE-noinfo) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2016-1156
References

  1. JVN : JVN#46044093
  2. National Vulnerability Database (NVD) : CVE-2016-1156
Revision History

[2016/02/19]
  Web page was published
[2016/03/10]
  References : Content was added