Lucene search

CertccCVE-2015-2869

HistoryJul 21, 2015 - 3:59 p.m.

CVE-2015-2869

2015-07-2115:59:00

CWE-119

certcc

web.nvd.nist.gov

cve-2015-2869

ghisler total commander

fileinfo plugin

denial of service

out-of-bounds read

application crash

coff archive library

linear executable

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.9

Confidence

High

EPSS

0.024

Percentile

89.9%

JSON

The FileInfo plugin before 2.22 for Ghisler Total Commander allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via (1) a large Size value in the Archive Member Header of a COFF Archive Library file, (2) a large Number Of Symbols value in the 1st Linker Member of a COFF Archive Library file, (3) a large Resource Table Count value in the LE Header of a Linear Executable file, or (4) a large value in a certain Object field in a Resource Table Entry in a Linear Executable file.

Affected configurations

Nvd

Node

ghislertotal_commanderRange≤2.2.1

VendorProductVersionCPE
ghislertotal_commander*cpe:2.3:a:ghisler:total_commander:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ghisler	total_commander	*	cpe:2.3:a:ghisler:total_commander::::::::

References

blogs.cisco.com/security/talos/fileinfo-plugin-dos

totalcmd.net/plugring/fileinfo.html

www.kb.cert.org/vuls/id/813631

www.securityfocus.com/bid/75955

www.securitytracker.com/id/1033004

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.9

Confidence

High

EPSS

0.024

Percentile

89.9%

JSON

Related for CVE-2015-2869