Published: 08/04/2015 Updated: 07/11/2023

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

VMScore: 571

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) prior to 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent malicious users to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call.

Vulnerable Product	Search on Vulmon	Subscribe to Product
canonical ubuntu linux 12.04
canonical ubuntu linux 14.10
canonical ubuntu linux 14.04
canonical ubuntu linux 10.04
gnu glibc

Several security issues were fixed in the GNU C Library ...

Synopsis Important: glibc security update Type/Severity Security Advisory: Important Topic Updated glibc packages that fix multiple security issues are now availablefor Red Hat Enterprise Linux 71 Extended Update SupportRed Hat Product Security has rated this update as having Important securityimpact Com ...

Synopsis Moderate: glibc security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic Updated glibc packages that fix multiple security issues, several bugs, andadd one enhancement are now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as ...

Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library: CVE-2012-3406 The vfprintf function in stdio-common/vfprintfc in GNU C Library (aka glibc) 25, 212, and probably other versions does not properly restrict the use of the alloca function when allocating the SPECS array, which allows context- ...

Debian Bug report logs - #777197 glibc: CVE-2015-1472 CVE-2015-1473 Package: glibc; Maintainer for glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Fri, 6 Feb 2015 07:51:02 UTC Severity: grave Tags: security Fixed in versions glibc/219-15, eglibc ...

Debian Bug report logs - #775572 glibc: CVE-2014-7817 CVE-2014-9402 Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sat, 17 Jan 2015 14:42:02 UTC Severity: important Tags: security Found in version glibc/219 ...

Debian Bug report logs - #681888 CVE-2012-3406: glibc formatted printing vulnerabilities Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Fri, 13 Jul 2012 13:42:15 UTC Severity: important Tags: secur ...

A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code wi ...

A stack overflow flaw was found in glibc's swscanf() function An attacker able to make an application call the swscanf() function could use this flaw to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application ...

CWE-119 http://openwall.com/lists/oss-security/2015/02/04/1 http://www.ubuntu.com/usn/USN-2519-1 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/72499 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commit%3Bh=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06 https://usn.ubuntu.com/2519-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2015-1473

Get Started

CVE-2015-1473

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect