Lucene search

[email protected]CVE-2015-8778

HistoryApr 19, 2016 - 9:59 p.m.

CVE-2015-8778

2016-04-1921:59:04

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-8778

gnu c library

glibc

libc6

integer overflow

denial of service

application crash

arbitrary code execution

nvd

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.035 Low

EPSS

Percentile

91.5%

JSON

Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.

Affected configurations

NVD

Node

fedoraprojectfedoraMatch23

Node

debiandebian_linuxMatch8.0

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch15.10

Node

gnuglibcRange≤2.22

Node

suselinux_enterprise_debuginfoMatch11sp2

suselinux_enterprise_debuginfoMatch11sp3

suselinux_enterprise_debuginfoMatch11sp4

opensuseopensuseMatch13.2

suselinux_enterprise_desktopMatch11sp3

suselinux_enterprise_desktopMatch11sp4

suselinux_enterprise_desktopMatch12

suselinux_enterprise_desktopMatch12sp1

suselinux_enterprise_serverMatch11sp2lts

suselinux_enterprise_serverMatch11sp3

suselinux_enterprise_serverMatch11sp3vmware

suselinux_enterprise_serverMatch11sp4

suselinux_enterprise_serverMatch12sp1

suselinux_enterprise_software_development_kitMatch11sp3

suselinux_enterprise_software_development_kitMatch11sp4

suselinux_enterprise_software_development_kitMatch12

suselinux_enterprise_software_development_kitMatch12sp1

susesuse_linux_enterprise_serverMatch12

CPENameOperatorVersion
fedoraproject:fedorafedoraproject fedoraeq23

CPE	Name	Operator	Version
fedoraproject:fedora	fedoraproject fedora	eq	23

References

lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html

packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html

rhn.redhat.com/errata/RHSA-2017-0680.html

seclists.org/fulldisclosure/2019/Sep/7

www.debian.org/security/2016/dsa-3480

www.debian.org/security/2016/dsa-3481

www.openwall.com/lists/oss-security/2016/01/19/11

www.openwall.com/lists/oss-security/2016/01/20/1

www.securityfocus.com/bid/83275

www.ubuntu.com/usn/USN-2985-1

www.ubuntu.com/usn/USN-2985-2

access.redhat.com/errata/RHSA-2017:1916

seclists.org/bugtraq/2019/Sep/7

security.gentoo.org/glsa/201602-02

security.gentoo.org/glsa/201702-11

sourceware.org/bugzilla/show_bug.cgi?id=18240

www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.035 Low

EPSS

Percentile

91.5%

JSON

Related for CVE-2015-8778

veracode1 ubuntucve1 cvelist1 f52 debiancve1 nvd1 nessus30 prion1 oraclelinux4 ibm16 osv4 debian5 redhat2 openvas25 centos2 amazon1 archlinux2 suse9 fedora1 mageia1 gentoo2 ubuntu2 cloudfoundry1 packetstorm1