DebianCVELIST:CVE-2015-8980

HistoryNov 04, 2019 - 8:27 p.m.

CVE-2015-8980

2019-11-0420:27:33

debian

www.cve.org

9.7 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.9%

JSON

The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.

CNA Affected

[
  {
    "product": "php-gettext",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "before 1.0.12"
      }
    ]
  }
]

References

lists.opensuse.org/opensuse-updates/2017-02/msg00015.html

seclists.org/fulldisclosure/2016/Aug/76

www.openwall.com/lists/oss-security/2017/01/18/4

www.securityfocus.com/bid/95754

bugzilla.redhat.com/show_bug.cgi?id=1367462

launchpad.net/php-gettext/trunk/1.0.12

lwn.net/Alerts/708838/