Lucene search

[email protected]CVE-2015-2898

HistoryOct 29, 2015 - 10:59 a.m.

CVE-2015-2898

2015-10-2910:59:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-2898

buffer overflow

remote code execution

medicomp medcin engine

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.036 Low

EPSS

Percentile

91.7%

JSON

Multiple stack-based buffer overflows in Medicomp MEDCIN Engine before 2.22.20153.226 might allow remote attackers to execute arbitrary code via a crafted packet on port 8190, related to (1) the SetGroupSequenceEx na_setgroupsequenceex function, (2) the FormatDate julptostr function, and (3) the UserFindingCodes addtocl function.

Affected configurations

NVD

Node

medicompmedcin_engineRange≤2.22.20142.166

CPENameOperatorVersion
medicomp:medcin_enginemedicomp medcin enginele2.22.20142.166

CPE	Name	Operator	Version
medicomp:medcin_engine	medicomp medcin engine	le	2.22.20142.166

References

www.kb.cert.org/vuls/id/675052

www.securifera.com/advisories/CVE-2015-2898-2901/

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.036 Low

EPSS

Percentile

91.7%

JSON

Related for CVE-2015-2898

nvd1 prion1 cvelist1 cert1