CVE-2017-5357

Опубликовано: 17 фев. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free.

Ссылки

http://www.openwall.com/lists/oss-security/2017/01/12/5
Mailing List
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/01/12/6
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/01/12/7
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/01/13/3
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/95422
Third Party Advisory
VDB Entry
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVH54XNZ77ICNBJTPI2DLJYQTA3SYSFC/
https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html
Vendor Advisory
http://www.openwall.com/lists/oss-security/2017/01/12/5
Mailing List
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/01/12/6
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/01/12/7
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/01/13/3
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/95422
Third Party Advisory
VDB Entry
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVH54XNZ77ICNBJTPI2DLJYQTA3SYSFC/
https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:a:gnu:ed:*:*:*:*:*:*:*:*

Версия до 1.14 (включая)

EPSS

Процентиль: 77%

0.01019

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-416

Связанные уязвимости

CVE-2017-5357

CVSS3: 7.5

ubuntu

почти 9 лет назад

regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free.

CVE-2017-5357

CVSS3: 3.3

redhat

около 9 лет назад

regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free.

CVE-2017-5357

CVSS3: 7.5

debian

почти 9 лет назад

regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of ...

SUSE-SU-2020:1608-1

suse-cvrf

больше 5 лет назад

Security update for ed

SUSE-SU-2019:14005-1

suse-cvrf

почти 7 лет назад

Security update for ed

EPSS

Процентиль: 77%

0.01019

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-416