PRIOn knowledge basePRION:CVE-2015-0886

HistoryFeb 28, 2015 - 2:59 a.m.

Integer overflow

2015-02-2802:59:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

75.6%

JSON

Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent.

CPENameOperatorVersion
fedoraeq22
fedoraeq20
fedoraeq21
jbcryptlt0.4

Name	Operator	Version
fedora	eq	22
fedora	eq	20
fedora	eq	21
jbcrypt	lt	0.4

References

jvn.jp/en/jp/JVN77718330/index.html

jvndb.jvn.jp/jvndb/JVNDB-2015-000033

www.mindrot.org/projects/jBCrypt/news/rel04.html

bugzilla.mindrot.org/show_bug.cgi?id=2097

lists.apache.org/thread.html/rbd23e3ac8113b4da0a025c0e45170b6ec317383a1cf06090c2c717aa@%3Ccommits.cassandra.apache.org%3E

lists.apache.org/thread.html/rd5c2256b8dc9935e4bb5e9be90adce58408054bb42523730a40c5548@%3Ccommits.cassandra.apache.org%3E

lists.apache.org/thread.html/re330cfe9e5d84e3f7da8ace23ec32f38cb3fbd328bf177badd7ad942@%3Ccommits.cassandra.apache.org%3E

lists.fedoraproject.org/pipermail/package-announce/2015-March/151496.html

lists.fedoraproject.org/pipermail/package-announce/2015-March/151786.html

lists.fedoraproject.org/pipermail/package-announce/2015-March/151797.html

7.3 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

75.6%

JSON

Related for PRION:CVE-2015-0886