[Japanese]

JVNDB-2016-000029

LINE for Windows and LINE for Mac OS vulnerable to denial-of-service (DoS)

Overview

LINE for Windows and LINE for Mac OS contain a denial-of-service (DoS) vulnerability due to an issue in displaying the Timeline.

Jun Kokatsu of KDDI Singapore Dubai Branch reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 3.5 (Low) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Low
CVSS V2 Severity:
Base Metrics 4.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: Single Instance
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Partial
Affected Products


LINE Corporation
  • LINE for Windows 4.3.0.724 and earlier
  • LINE for Mac OS 4.3.1 and earlier

Impact

By displaying a specially crafted post in Timeline, the product may be abnormally terminated.
Solution

[Update the software]
Update to the latest version according to the information provided by the developer.

According to the developer, a part of this vulnerability is fixed on the server side. The developer recommends users to update the application to the latest version.
Vendor Information

LINE Corporation
CWE (What is CWE?)

  1. No Mapping(CWE-noinfo) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2016-1156
References

  1. JVN : JVN#46044093
  2. National Vulnerability Database (NVD) : CVE-2016-1156
Revision History

  • [2016/02/19]
      Web page was published
    [2016/03/10]
      References : Content was added