Lucene search

FreeBSDF1BF28C5-D447-11E5-B2BD-002590263BF5

HistoryOct 08, 2014 - 12:00 a.m.

xdelta3 -- buffer overflow vulnerability

2014-10-0800:00:00

vuxml.freebsd.org

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.046

Percentile

92.6%

JSON

Stepan Golosunov reports:

Buffer overflow was found and fixed in xdelta3 binary diff tool
that allows arbitrary code execution from input files at least on
some systems.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchxdelta3< 3.0.9,1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	xdelta3	< 3.0.9,1	UNKNOWN

References

www.openwall.com/lists/oss-security/2016/02/08/1

github.com/jmacd/xdelta-devel/commit/ef93ff74203e030073b898c05e8b4860b5d09ef2

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.046

Percentile

92.6%

JSON

Related for F1BF28C5-D447-11E5-B2BD-002590263BF5