CVE-2015-8948

Опубликовано: 10 авг. 2015

Источник: redhat

CVSS3: 3.7

CVSS2: 2.6

EPSS Низкий

Описание

idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	libidn	Will not fix
Red Hat Enterprise Linux 6	libidn	Will not fix
Red Hat Enterprise Linux 7	libidn	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=1359141libidn: Out-of-bounds read due to use of fgets with fixed-size buffer

EPSS

Процентиль: 90%

0.05436

Низкий

3.7 Low

CVSS3

2.6 Low

CVSS2

Связанные уязвимости

CVE-2015-8948

CVSS3: 7.5

ubuntu

больше 9 лет назад

idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.

CVE-2015-8948

CVSS3: 7.5

nvd

больше 9 лет назад

idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.

CVE-2015-8948

CVSS3: 7.5

debian

больше 9 лет назад

idn in GNU libidn before 1.33 might allow remote attackers to obtain s ...

GHSA-5836-cm5m-6hmv

CVSS3: 7.5

github

больше 3 лет назад

idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.

openSUSE-SU-2016:2135-1

suse-cvrf

больше 9 лет назад

Security update for libidn

EPSS

Процентиль: 90%

0.05436

Низкий

3.7 Low

CVSS3

2.6 Low

CVSS2