CVE-2015-8778

General

Score: 7.5/10.0
Severity: High
Category: Buffer Error

Impact Metrics

Confidentiality: Partial
Integrity: Partial
Availability: Partial

Exploitability Metrics

Access Vector: Network
Access Complexity: Low
Authentication: None

Related vulnerabilities

CVE-2013-2207, CVE-2013-4458, CVE-2014-8121, CVE-2014-9761, CVE-2015-1781, CVE-2015-5277, CVE-2015-7547, CVE-2015-8776, CVE-2015-8777, CVE-2015-8779, CVE-2016-2856, CVE-2016-3075

Published on 19/04/16 - Updated on 30/10/18

Description

Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.

Category: Buffer Error

CWE-119 (Buffer Errors)
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Security Notices

US National Vulnerability Database CVE-2015-8778
Amazon Linux ALAS-2017-877
Arch Linux ASA-201602-14, ASA-201602-15
CentOS CESA-2017:0680, CESA-2017:1916
Debian DSA-3480-1, DSA-3481-1
Debian LTS DLA-411-1
Oracle Linux ELSA-2017-0680, ELSA-2017-1916
Redhat RHSA-2017:0680, RHSA-2017:1916
SUSE SUSE-SU-2016:0470, SUSE-SU-2016:0471, SUSE-SU-2016:0472, SUSE-SU-2016:0473
Ubuntu USN-2985-1, USN-2985-2

Exploits

No exploits available for this CVE in our database.

Related technologies

Vendor Product
canonical ubuntu_linux
debian debian_linux
fedoraproject fedora
gnu glibc
opensuse opensuse
suse linux_enterprise_debuginfo
suse linux_enterprise_desktop
suse linux_enterprise_server
suse linux_enterprise_software_development_kit
suse suse_linux_enterprise_server
