CVE-2015-5218

2015-11-0900:00:00

ubuntu.com

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

5.1%

JSON

Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27
allows local users to cause a denial of service (crash) via a crafted file,
related to the page global variable.

Bugs

Notes

Author	Note
sbeattie	fixed in util-linux, but debian/ubuntu util-linux does not ship colcrt
ccdm94	package bsdmainutils is not vulnerable in any release due to code that checks for writing beyond array bounds being included in the commit which introduced multibyte character support (243041573f0). Releases that include the multibyte character support therefore include the checks. A fix that identifies read errors was also released in a 2004 commit (70cd856a0c6), and is present in the code for all Ubuntu releases that contain colcrt in bsdmainutils. More recent versions such as Ubuntu 21.10 don’t include the colcrt code, as it was removed from the bsdmainutils source.

Author

Note

sbeattie

fixed in util-linux, but debian/ubuntu util-linux does not ship colcrt

ccdm94

package bsdmainutils is not vulnerable in any release due to code that checks for writing beyond array bounds being included in the commit which introduced multibyte character support (243041573f0). Releases that include the multibyte character support therefore include the checks. A fix that identifies read errors was also released in a 2004 commit (70cd856a0c6), and is present in the code for all Ubuntu releases that contain colcrt in bsdmainutils. More recent versions such as Ubuntu 21.10 don’t include the colcrt code, as it was removed from the bsdmainutils source.