Description
Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| glibc | fixed | 2.21-1 | | package |
| glibc | fixed | 2.19-18+deb8u2 | jessie | package |
| eglibc | removed | | | package |
| eglibc | fixed | 2.13-38+deb7u9 | wheezy | package |
| eglibc | fixed | 2.11.3-4+deb6u8 | squeeze | package |
Notes
workaround entry for DLA-350-1 until/if CVE assigned
https://sourceware.org/bugzilla/show_bug.cgi?id=16009
https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=0f9e585480ed
http://openwall.com/lists/oss-security/2015/09/08/2
Related vulnerabilities
Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.
A vulnerability in glibc, the library that provides system calls and basic functions, which allows an attacker to cause a denial of service or execute arbitrary code