Lucene search

K

PRIOn knowledge basePRION:CVE-2015-8776

HistoryApr 19, 2016 - 9:59 p.m.

Code injection

2016-04-1921:59:00

PRIOn knowledge base

www.prio-n.com

6

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

7.2 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.005 Low

EPSS

Percentile

76.8%

The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.

CPENameOperatorVersion
ubuntu_linuxeq12.04
ubuntu_linuxeq15.10
ubuntu_linuxeq14.04
debian_linuxeq8.0
fedoraeq23
glibcle2.22
opensuseeq13.2
linux_enterprise_debuginfoeq11 sp3
linux_enterprise_debuginfoeq11 sp2
linux_enterprise_debuginfoeq11 sp4

Rows per page:

1-10 of 241

References

lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html

rhn.redhat.com/errata/RHSA-2017-0680.html

www.debian.org/security/2016/dsa-3480

www.debian.org/security/2016/dsa-3481

www.openwall.com/lists/oss-security/2016/01/19/11

www.openwall.com/lists/oss-security/2016/01/20/1

www.securityfocus.com/bid/83277

www.ubuntu.com/usn/USN-2985-1

www.ubuntu.com/usn/USN-2985-2

access.redhat.com/errata/RHSA-2017:1916

lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html

security.gentoo.org/glsa/201602-02

security.gentoo.org/glsa/201702-11

sourceware.org/bugzilla/show_bug.cgi?id=18985

www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

7.2 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.005 Low

EPSS

Percentile

76.8%

Related for PRION:CVE-2015-8776

f52 ubuntucve1 veracode1 ibm19 openvas26 nessus27 cve1 debiancve1 oraclelinux4 osv4 centos2 debian5 redhat2 suse9 archlinux2 amazon1 mageia1 fedora1 gentoo2 ubuntu2 cloudfoundry1