9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
49.0%
Problem Description:
For line-buffered streams the __sflush() function did not
correctly update the FILE object’s write space member when the
write(2) system call returns an error.
Impact:
Depending on the nature of an application that calls libc’s
stdio functions and the presence of errors returned from the write(2)
system call (or an overridden stdio write routine) a heap buffer
overfly may occur. Such overflows may lead to data corruption or
the execution of arbitrary code at the privilege level of the calling
program.
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
49.0%