7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.015 Low
EPSS
Percentile
86.8%
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or
libc6) before 2.21 does not properly consider data-type size during a
risk-management decision for use of the alloca function, which might allow
context-dependent attackers to cause a denial of service (segmentation
violation) or overwrite memory locations beyond the stack boundary via a
long line containing wide characters that are improperly handled in a
wscanf call.
Author | Note |
---|---|
tyhicks | Note that the upstream bug #16618 contains the issue of CVE-2015-1472 and this CVE |
mdeslaur | fixed in same commit as CVE-2015-1472 |