Lucene search

[email protected]CVE-2015-5957

HistorySep 28, 2015 - 8:59 p.m.

CVE-2015-5957

2015-09-2820:59:04

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-5957

remind

buffer overflow

var.c

dumpsysvar

nvd

cybersecurity

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.2%

JSON

Buffer overflow in the DumpSysVar function in var.c in Remind before 3.1.15 allows attackers to have unspecified impact via a long name.

Affected configurations

NVD

Node

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

Node

roaring_penguinremindRange≤3.1.14

CPENameOperatorVersion
opensuse:opensuseopensuseeq13.1
opensuse:opensuseopensuseeq13.2

CPE	Name	Operator	Version
opensuse:opensuse	opensuse	eq	13.1
opensuse:opensuse	opensuse	eq	13.2

References

lists.opensuse.org/opensuse-updates/2015-09/msg00025.html

lists.roaringpenguin.com/pipermail/remind-fans/2015/003172.html

www.openwall.com/lists/oss-security/2015/07/29/2

www.openwall.com/lists/oss-security/2015/08/07/1

www.securityfocus.com/bid/76099

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.2%

JSON

Related for CVE-2015-5957

ubuntucve1 prion1 debian1 osv1 nessus3 mageia1 nvd1 freebsd1 debiancve1 veracode1 openvas2 cvelist1