6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.002 Low
EPSS
Percentile
52.0%
Problem Description:
A programming error in the standard I/O library’s
__sflush() function could erroneously adjust the buffered
stream’s internal state even when no write actually occurred
in the case when write(2) system call returns an error.
Impact:
The accounting mismatch would accumulate, if the caller
does not check for stream status and will eventually lead
to a heap buffer overflow.
Such overflows may lead to data corruption or the execution
of arbitrary code at the privilege level of the calling
program.