Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-8778

Опубликовано: 10 апр. 2015
Источник: redhat
CVSS3: 8.1
CVSS2: 5.1
EPSS Низкий

Описание

Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.

An integer overflow vulnerability was found in hcreate() and hcreate_r() functions which could result in an out-of-bounds memory access. This could lead to application crash or, potentially, arbitrary code execution.

Меры по смягчению последствий

Do not use any applications which call hcreate or hcreate_r with a large size argument. These functions are used only rarely, and most callers supply a constant argument. Other applications calculate the size argument in such a way that the error condition cannot be triggered.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5compat-glibcWill not fix
Red Hat Enterprise Linux 5glibcWill not fix
Red Hat Enterprise Linux 6compat-glibcWill not fix
Red Hat Enterprise Linux 7compat-glibcWill not fix
Red Hat Enterprise Linux 6glibcFixedRHSA-2017:068021.03.2017
Red Hat Enterprise Linux 7glibcFixedRHSA-2017:191601.08.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=1300303glibc: Integer overflow in hcreate and hcreate_r

EPSS

Процентиль: 91%
0.06604
Низкий

8.1 High

CVSS3

5.1 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-8778

CVSS3: 9.8
ubuntu
больше 9 лет назад

Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.

nvd логотип

CVE-2015-8778

CVSS3: 9.8
nvd
больше 9 лет назад

Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.

debian логотип

CVE-2015-8778

CVSS3: 9.8
debian
больше 9 лет назад

Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 ...

github логотип

GHSA-4r54-pcmf-cg7r

CVSS3: 9.8
github
больше 3 лет назад

Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.

oracle-oval логотип

ELSA-2017-0680

oracle-oval
больше 8 лет назад

ELSA-2017-0680: glibc security and bug fix update (MODERATE)

EPSS

Процентиль: 91%
0.06604
Низкий

8.1 High

CVSS3

5.1 Medium

CVSS2