PRIOn knowledge basePRION:CVE-2015-2059

HistoryAug 12, 2015 - 2:59 p.m.

Out-of-bounds

2015-08-1214:59:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.6%

JSON

The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.

CPENameOperatorVersion
fedoraeq22
fedoraeq21
libidnle1.30
opensuseeq13.1
opensuseeq13.2

Name	Operator	Version
fedora	eq	22
fedora	eq	21
libidn	le	1.30
opensuse	eq	13.1
opensuse	eq	13.2

References

git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c279

lists.opensuse.org/opensuse-updates/2015-07/msg00042.html

lists.opensuse.org/opensuse-updates/2016-08/msg00098.html

www.debian.org/security/2016/dsa-3578

www.openwall.com/lists/oss-security/2015/02/23/25

www.securityfocus.com/bid/72736

www.ubuntu.com/usn/USN-3068-1

github.com/jabberd2/jabberd2/issues/85

lists.fedoraproject.org/pipermail/package-announce/2015-July/162537.html

lists.fedoraproject.org/pipermail/package-announce/2015-July/162549.html

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.6%

JSON

Related for PRION:CVE-2015-2059