Lucene search

[email protected]CVE-2015-4675

HistoryJun 19, 2015 - 2:59 p.m.

CVE-2015-4675

2015-06-1914:59:03

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-4675

buffer overflow

tiny srp library

remote code execution

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

High

0.058 Low

EPSS

Percentile

93.4%

JSON

Buffer overflow in the Tiny SRP library (aka TinySRP) allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted size value for the username field.

Affected configurations

NVD

Node

tinysrp_projecttinysrpRange≤0.7.5

CPENameOperatorVersion
tinysrp_project:tinysrptinysrp project tinysrple0.7.5

CPE	Name	Operator	Version
tinysrp_project:tinysrp	tinysrp project tinysrp	le	0.7.5

References

packetstormsecurity.com/files/132196/TinySRP-Buffer-Overflow.html

seclists.org/fulldisclosure/2015/Jun/21

www.securityfocus.com/bid/75365

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

High

0.058 Low

EPSS

Percentile

93.4%

JSON

Related for CVE-2015-4675

nvd1 prion1 cvelist1