6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
0.003 Low
EPSS
Percentile
70.9%
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or
libc6) before 2.21 does not properly consider data-type size during a
risk-management decision for use of the alloca function, which might allow
context-dependent attackers to cause a denial of service (segmentation
violation) or overwrite memory locations beyond the stack boundary via a
long line containing wide characters that are improperly handled in a
wscanf call.
Author | Note |
---|---|
tyhicks | Note that the upstream bug #16618 contains the issue of CVE-2015-1472 and this CVE |
mdeslaur | fixed in same commit as CVE-2015-1472 |