A heap-based buffer overflow flaw was found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use this flaw to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application.
Find out more about CVE-2015-1472 from the MITRE CVE dictionary dictionary and NIST NVD.
This issue did not affect the versions of glibc as shipped with Red Hat Enterprise Linux 5 and 6 as they did use different memory allocation algorithm in swscanf() function.
| Base Score | 2.6 |
|---|---|
| Base Metrics | AV:L/AC:H/Au:N/C:P/I:N/A:P |
| Access Vector | Local |
| Access Complexity | High |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | None |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 7 (glibc) | RHSA-2015:2199 | 2015-11-19 |
| Red Hat Enterprise Linux Extended Update Support 7.1 (glibc) | RHSA-2015:2589 | 2015-12-09 |
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | glibc | Not affected |
| Red Hat Enterprise Linux 5 | glibc | Not affected |
Vulmon