CVE-2015-5327

Advisory lineage Upstream: 0 Downstream: 4

Downstream

MGASA-2016-0225 MGASA-2016-0232 MGASA-2016-0233 UBUNTU-CVE-2015-5327

Modified

Published: 25 Sept 2017, 21:00

Last modified:06 Aug 2024, 06:41

Vulnerability Summary

Overall Risk (default)

medium

26/100

CVSS Score

6.5 MEDIUM

v3.0 (nvd)

EPSS Score

0.21% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

25 Sept 2017, 21:00

Published

Vulnerability first disclosed

06 Aug 2024, 06:41

Last Modified

Vulnerability information updated

Description

Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after.

CVSS Metrics

v3.0•MEDIUM•Score: 6.5CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
v2.0•MEDIUM•Score: 4AV:N/AC:L/Au:S/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.21%• Percentile: 43%

Techniques & Countermeasures

CWE-125•Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

Affected Systems

linux•linux_kernel
4.3 | 4.3:rc1 | 4.3:rc2 | 4.3:rc3 | 4.3:rc4 | 4.3:rc5 | 4.3:rc6 | 4.3:rc7