Lucene search

[email protected]CVE-2015-8776

HistoryApr 19, 2016 - 9:59 p.m.

CVE-2015-8776

2016-04-1921:59:04

CWE-189

[email protected]

web.nvd.nist.gov

cve-2015-8776

glibc

libc6

strftime function

denial of service

sensitive information

out-of-range time value

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

8.5 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.0%

JSON

The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.

Affected configurations

NVD

Node

suselinux_enterprise_debuginfoMatch11sp2

suselinux_enterprise_debuginfoMatch11sp3

suselinux_enterprise_debuginfoMatch11sp4

opensuseopensuseMatch13.2

suselinux_enterprise_desktopMatch11sp3

suselinux_enterprise_desktopMatch11sp4

suselinux_enterprise_desktopMatch12

suselinux_enterprise_desktopMatch12sp1

suselinux_enterprise_serverMatch11sp2ltss

suselinux_enterprise_serverMatch11sp3

suselinux_enterprise_serverMatch11sp3vmware

suselinux_enterprise_serverMatch11sp4

suselinux_enterprise_serverMatch12sp1

suselinux_enterprise_software_development_kitMatch11sp3

suselinux_enterprise_software_development_kitMatch11sp4

suselinux_enterprise_software_development_kitMatch12

suselinux_enterprise_software_development_kitMatch12sp1

susesuse_linux_enterprise_serverMatch12

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch15.10

Node

debiandebian_linuxMatch8.0

Node

fedoraprojectfedoraMatch23

Node

gnuglibcRange≤2.22

CPENameOperatorVersion
suse:linux_enterprise_debuginfosuse linux enterprise debuginfoeq11
opensuse:opensuseopensuseeq13.2
suse:linux_enterprise_desktopsuse linux enterprise desktopeq11
suse:linux_enterprise_desktopsuse linux enterprise desktopeq12
suse:linux_enterprise_serversuse linux enterprise servereq11
suse:linux_enterprise_serversuse linux enterprise servereq12
suse:linux_enterprise_software_development_kitsuse linux enterprise software development kiteq11
suse:linux_enterprise_software_development_kitsuse linux enterprise software development kiteq12
suse:suse_linux_enterprise_serversuse suse linux enterprise servereq12

CPE	Name	Operator	Version
suse:linux_enterprise_debuginfo	suse linux enterprise debuginfo	eq	11
opensuse:opensuse	opensuse	eq	13.2
suse:linux_enterprise_desktop	suse linux enterprise desktop	eq	11
suse:linux_enterprise_desktop	suse linux enterprise desktop	eq	12
suse:linux_enterprise_server	suse linux enterprise server	eq	11
suse:linux_enterprise_server	suse linux enterprise server	eq	12
suse:linux_enterprise_software_development_kit	suse linux enterprise software development kit	eq	11
suse:linux_enterprise_software_development_kit	suse linux enterprise software development kit	eq	12
suse:suse_linux_enterprise_server	suse suse linux enterprise server	eq	12