Lucene search

[email protected]NVD:CVE-2015-8778

HistoryApr 19, 2016 - 9:59 p.m.

CVE-2015-8778

2016-04-1921:59:04

CWE-119

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.035 Low

EPSS

Percentile

91.5%

JSON

Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.

Affected configurations

NVD

Node

fedoraprojectfedoraMatch23

Node

debiandebian_linuxMatch8.0

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch15.10

Node

gnuglibcRange≤2.22

Node

suselinux_enterprise_debuginfoMatch11sp2

suselinux_enterprise_debuginfoMatch11sp3

suselinux_enterprise_debuginfoMatch11sp4

opensuseopensuseMatch13.2

suselinux_enterprise_desktopMatch11sp3

suselinux_enterprise_desktopMatch11sp4

suselinux_enterprise_desktopMatch12

suselinux_enterprise_desktopMatch12sp1

suselinux_enterprise_serverMatch11sp2lts

suselinux_enterprise_serverMatch11sp3

suselinux_enterprise_serverMatch11sp3vmware

suselinux_enterprise_serverMatch11sp4

suselinux_enterprise_serverMatch12sp1

suselinux_enterprise_software_development_kitMatch11sp3

suselinux_enterprise_software_development_kitMatch11sp4

suselinux_enterprise_software_development_kitMatch12

suselinux_enterprise_software_development_kitMatch12sp1

susesuse_linux_enterprise_serverMatch12

References

lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html

packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html

rhn.redhat.com/errata/RHSA-2017-0680.html

seclists.org/fulldisclosure/2019/Sep/7

www.debian.org/security/2016/dsa-3480

www.debian.org/security/2016/dsa-3481

www.openwall.com/lists/oss-security/2016/01/19/11

www.openwall.com/lists/oss-security/2016/01/20/1

www.securityfocus.com/bid/83275

www.ubuntu.com/usn/USN-2985-1

www.ubuntu.com/usn/USN-2985-2

access.redhat.com/errata/RHSA-2017:1916

seclists.org/bugtraq/2019/Sep/7

security.gentoo.org/glsa/201602-02

security.gentoo.org/glsa/201702-11

sourceware.org/bugzilla/show_bug.cgi?id=18240

www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.035 Low

EPSS

Percentile

91.5%

JSON

Related for NVD:CVE-2015-8778

prion1 ubuntucve1 cvelist1 f52 cve1 debiancve1 veracode1 nessus30 oraclelinux4 ibm16 debian5 redhat2 openvas25 centos2 osv4 amazon1 archlinux2 suse9 fedora1 mageia1 gentoo2 cloudfoundry1 ubuntu2 packetstorm1