
CVE-2015-4645

Published: 17/03/2017 Updated: 24/10/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote malicious users to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow.

Vulnerable Product

squashfs project squashfs

fedoraproject fedora 21

fedoraproject fedora 22

Vendor Advisories

Debian Bug report logs - #793467 squashfs-tools: CVE-2015-4645 Package: src:squashfs-tools; Maintainer for src:squashfs-tools is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Romeo Papa <romeopapa@caramail.com> Date: Fri, 24 Jul 2015 10:12:02 UTC Severity: normal Tags: security, upstream Found in version s ...
Debian Bug report logs - #793468 squashfs-tools: CVE-2015-4646 Package: src:squashfs-tools; Maintainer for src:squashfs-tools is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Romeo Papa <romeopapa@caramail.com> Date: Fri, 24 Jul 2015 10:15:01 UTC Severity: normal Tags: patch, security, upstream Found in ve ...
Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow (CVE-2015-4645). (1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasqua ...