Lucene search

K

PRIOn knowledge basePRION:CVE-2015-8778

HistoryApr 19, 2016 - 9:59 p.m.

Integer overflow

2016-04-1921:59:00

PRIOn knowledge base

www.prio-n.com

3

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.03 Low

EPSS

Percentile

90.7%

Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.

CPENameOperatorVersion
ubuntu_linuxeq12.04
ubuntu_linuxeq15.10
ubuntu_linuxeq14.04
debian_linuxeq8.0
fedoraeq23
glibcle2.22
opensuseeq13.2
linux_enterprise_debuginfoeq11 sp3
linux_enterprise_debuginfoeq11 sp2
linux_enterprise_debuginfoeq11 sp4

Rows per page:

1-10 of 241

References

lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html

packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html

rhn.redhat.com/errata/RHSA-2017-0680.html

seclists.org/fulldisclosure/2019/Sep/7

www.debian.org/security/2016/dsa-3480

www.debian.org/security/2016/dsa-3481

www.openwall.com/lists/oss-security/2016/01/19/11

www.openwall.com/lists/oss-security/2016/01/20/1

www.securityfocus.com/bid/83275

www.ubuntu.com/usn/USN-2985-1

www.ubuntu.com/usn/USN-2985-2

access.redhat.com/errata/RHSA-2017:1916

lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html

seclists.org/bugtraq/2019/Sep/7

security.gentoo.org/glsa/201602-02

security.gentoo.org/glsa/201702-11

sourceware.org/bugzilla/show_bug.cgi?id=18240

www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.03 Low

EPSS

Percentile

90.7%

Related for PRION:CVE-2015-8778

nessus27 f52 cve1 debiancve1 veracode1 ubuntucve1 oraclelinux4 ibm16 debian5 redhat2 osv4 openvas25 centos2 archlinux2 amazon1 suse9 fedora1 mageia1 gentoo2 cloudfoundry1 ubuntu2 packetstorm1