CVE-2015-4646

2017-04-1317:59:00

Debian Security Bug Tracker

security-tracker.debian.org

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.006 Low

EPSS

Percentile

77.7%

JSON

(1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input.

OSVersionArchitecturePackageVersionFilename
Debian12allsquashfs-tools< 1:4.3-2squashfs-tools_1:4.3-2_all.deb
Debian11allsquashfs-tools< 1:4.3-2squashfs-tools_1:4.3-2_all.deb
Debian999allsquashfs-tools< 1:4.3-2squashfs-tools_1:4.3-2_all.deb
Debian13allsquashfs-tools< 1:4.3-2squashfs-tools_1:4.3-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	squashfs-tools	< 1:4.3-2	squashfs-tools_1:4.3-2_all.deb
Debian	11	all	squashfs-tools	< 1:4.3-2	squashfs-tools_1:4.3-2_all.deb
Debian	999	all	squashfs-tools	< 1:4.3-2	squashfs-tools_1:4.3-2_all.deb
Debian	13	all	squashfs-tools	< 1:4.3-2	squashfs-tools_1:4.3-2_all.deb