A stack based buffer overflow vulnerability was found in the catopen() function. An excessively long string passed to the function could cause it to crash or, potentially, execute arbitrary code.
Find out more about CVE-2015-8779 from the MITRE CVE dictionary dictionary and NIST NVD.
| Base Score | 5.1 |
|---|---|
| Base Metrics | AV:N/AC:H/Au:N/C:P/I:P/A:P |
| Access Vector | Network |
| Access Complexity | High |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 7 (glibc) | RHSA-2017:1916 | 2017-08-01 |
| Red Hat Enterprise Linux 6 (glibc) | RHSA-2017:0680 | 2017-03-21 |
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 7 | compat-glibc | Will not fix |
| Red Hat Enterprise Linux 6 | compat-glibc | Will not fix |
| Red Hat Enterprise Linux 5 | compat-glibc | Will not fix |
| Red Hat Enterprise Linux 5 | glibc | Will not fix |
Do not use applications which call catopen with unbounded strings. The catopen function is rarely used. Typical application usage involves passing a short, constant string to catopen, so most applications are not affect even if they call catopen.
Vulmon