CVE-2015-5185

2015-09-2820:59:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2015-5185

sblim-sfcb

denial of service

null pointer dereference

application crash

security vulnerability

6.3 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.021 Low

EPSS

Percentile

88.9%

JSON

The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet.

CPENameOperatorVersion
opensuse:opensuseopensuseeq13.1
opensuse:opensuseopensuseeq13.2
standards_based_linux_instrumentation:sblim-sfcbstandards based linux instrumentation sblim-sfcbeq1.3.18
standards_based_linux_instrumentation:sblim-sfcbstandards based linux instrumentation sblim-sfcbeq1.3.4

CPE	Name	Operator	Version
opensuse:opensuse	opensuse	eq	13.1
opensuse:opensuse	opensuse	eq	13.2
standards_based_linux_instrumentation:sblim-sfcb	standards based linux instrumentation sblim-sfcb	eq	1.3.18
standards_based_linux_instrumentation:sblim-sfcb	standards based linux instrumentation sblim-sfcb	eq	1.3.4