A stack overflow flaw was found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use this flaw to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application.
Find out more about CVE-2015-1473 from the MITRE CVE dictionary and NIST NVD.
This issue does not affect the versions of the glibc package as shipped with Red Hat Enterprise Linux 5 and 6.
Base Score | 2.6 |
---|---|
Base Metrics | AV:L/AC:H/Au:N/C:P/I:N/A:P |
Access Vector | Local |
Access Complexity | High |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | None |
Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Platform | Errata | Release Date |
---|---|---|
Red Hat Enterprise Linux 7 (glibc) | RHSA-2015:2199 | 2015-11-19 |
Red Hat Enterprise Linux Extended Update Support 7.1 (glibc) | RHSA-2015:2589 | 2015-12-09 |

Platform | Package | State |
---|---|---|
Red Hat Enterprise Linux 6 | glibc | Not affected |
Red Hat Enterprise Linux 5 | glibc | Not affected |