Lucene search

UbuntuUSN-220-1

HistoryDec 01, 2005 - 12:00 a.m.

w3c-libwww vulnerability

2005-12-0100:00:00

ubuntu.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.4 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.1%

JSON

Releases

Ubuntu 5.10
Ubuntu 5.04
Ubuntu 4.10

Details

Sam Varshavchik discovered several buffer overflows in the
HTBoundary_put_block() function. By sending specially crafted HTTP
multipart/byteranges MIME messages, a malicious HTTP server could
trigger an out of bounds memory access in the libwww library, which
causes the program that uses the library to crash.

OSVersionArchitecturePackageVersionFilename
Ubuntu5.10noarchlibwww0< *UNKNOWN
Ubuntu5.04noarchlibwww0< *UNKNOWN
Ubuntu4.10noarchlibwww0< *UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	5.10	noarch	libwww0	< *	UNKNOWN
Ubuntu	5.04	noarch	libwww0	< *	UNKNOWN
Ubuntu	4.10	noarch	libwww0	< *	UNKNOWN

References

ubuntu.com/security/CVE-2005-3183

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.4 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.1%

JSON

Related for USN-220-1