CVE-2015-8984
Advisory lineage Upstream: 0 Downstream: 4
Modified
Published: 20 Mar 2017, 16:00
Last modified:06 Aug 2024, 08:36
Vulnerability Summary
Overall Risk (default)
low
24/100 CVSS Score
5.9 MEDIUM
v3.0 (nvd)
EPSS Score
0.76% LOW
1% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
20 Mar 2017, 16:00
Published
Vulnerability first disclosed
06 Aug 2024, 08:36
Last Modified
Vulnerability information updated
Description
The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.
CVSS Metrics
- v3.0•MEDIUM•Score: 5.9CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
- v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS Trends
Current EPSS score: 0.76%• Percentile: 74%
Techniques & Countermeasures
- CWE-125•Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
Affected Systems
- gnu•glibc
≤ 2.21
References (6)
- http://www.openwall.com/lists/oss-security/2017/02/14/9
- http://www.securityfocus.com/bid/72789
- http://www.openwall.com/lists/oss-security/2015/02/26/5
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=4a28f4d55a6cc33474c0792fe93b5942d81bf185
- https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html
- https://sourceware.org/bugzilla/show_bug.cgi?id=18032