CVE-2015-7219

2015-12-1611:59:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2015-7219

http/2

mozilla firefox

denial of service

integer underflow

assertion failure

application exit

pushpromise frame

memory allocation

8.6 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.046 Low

EPSS

Percentile

92.6%

JSON

The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation.

CPENameOperatorVersion
opensuse:leapopensuse leapeq42.1
opensuse:opensuseopensuseeq13.1
opensuse:opensuseopensuseeq13.2
mozilla:firefoxmozilla firefoxle42.0
fedoraproject:fedorafedoraproject fedoraeq22
fedoraproject:fedorafedoraproject fedoraeq23

CPE	Name	Operator	Version
opensuse:leap	opensuse leap	eq	42.1
opensuse:opensuse	opensuse	eq	13.1
opensuse:opensuse	opensuse	eq	13.2
mozilla:firefox	mozilla firefox	le	42.0
fedoraproject:fedora	fedoraproject fedora	eq	22
fedoraproject:fedora	fedoraproject fedora	eq	23