CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Percentile: 85.3%

CentOS Errata and Security Advisory CESA-2015:2237
The rest library was designed to make it easier to access web services that
claim to be RESTful. A RESTful service should have URLs that represent
remote objects, which methods can then be called on.

It was found that the OAuth implementation in librest, a helper library for
RESTful services, incorrectly truncated the pointer returned by the
rest_proxy_call_get_url call. An attacker could use this flaw to crash an
application using the librest library. (CVE-2015-2675)

All users of rest are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, all applications using librest must be restarted for the update to
take effect.
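
The restart requirement can be checked after the update by looking for processes that still map the replaced library file. The script below is an added example, not part of the advisory; it assumes the shared object's file name starts with `librest-` (for example `librest-0.7.so.0.0.0`), and the sample `/proc` tree it builds is constructed for illustration.

```shell
#!/bin/sh
# Find processes that still map a librest shared object that has been replaced
# on disk. Linux marks such mappings "(deleted)" in /proc/<pid>/maps; these
# processes keep running the old code until they are restarted.
# Assumption: the library file name starts with "librest-".

# stale_librest_pids [PROC_ROOT]
# Prints one PID per line for each process with a deleted librest mapping.
stale_librest_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # The mapped path is the last field; a replaced file has " (deleted)"
        # appended to it. Processes that exit mid-scan are skipped silently.
        if grep -Eq '/librest-[^/ ]*\.so[^/ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid_dir="${maps%/maps}"
            printf '%s\n' "${pid_dir##*/}"
        fi
    done
}

# make_sample_proc DIR
# Builds a constructed /proc-like tree with four fake processes:
#   101 maps the old librest (deleted)         -> needs a restart
#   202 maps the current librest               -> already restarted
#   303 maps an unrelated deleted library      -> not relevant here
#   404 maps the old librest-extras (deleted)  -> needs a restart
make_sample_proc() {
    root="$1"
    mkdir -p "$root/101" "$root/202" "$root/303" "$root/404"
    printf '%s\n' \
        '7f3a1c000000-7f3a1c010000 r-xp 00000000 fd:00 1311 /usr/lib64/librest-0.7.so.0.0.0 (deleted)' \
        > "$root/101/maps"
    printf '%s\n' \
        '7f3a1c000000-7f3a1c010000 r-xp 00000000 fd:00 2422 /usr/lib64/librest-0.7.so.0.0.0' \
        > "$root/202/maps"
    printf '%s\n' \
        '7f3a1d000000-7f3a1d020000 r-xp 00000000 fd:00 1500 /usr/lib64/libsoup-2.4.so.1.7.0 (deleted)' \
        > "$root/303/maps"
    printf '%s\n' \
        '7f3a1e000000-7f3a1e008000 r-xp 00000000 fd:00 1312 /usr/lib64/librest-extras-0.7.so.0.0.0 (deleted)' \
        > "$root/404/maps"
}

# Scan the live system only when asked to: sh script.sh --scan
if [ "${1:-}" = "--scan" ]; then
    stale_librest_pids /proc
fi
```

Run the scan as root so that the maps files of other users' processes are readable; any PID it prints belongs to a process that has not yet been restarted.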
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2015-November/028865.html
Affected packages:
rest
rest-devel
Upstream details at:
https://access.redhat.com/errata/RHSA-2015:2237
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
CentOS | 7 | i686 | rest | < 0.7.92-3.el7 | rest-0.7.92-3.el7.i686.rpm |
CentOS | 7 | x86_64 | rest | < 0.7.92-3.el7 | rest-0.7.92-3.el7.x86_64.rpm |
CentOS | 7 | i686 | rest-devel | < 0.7.92-3.el7 | rest-devel-0.7.92-3.el7.i686.rpm |
CentOS | 7 | x86_64 | rest-devel | < 0.7.92-3.el7 | rest-devel-0.7.92-3.el7.x86_64.rpm |