Published: 08/04/2016 Updated: 28/11/2016

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent malicious users to cause a denial of service (hang or crash) via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat enterprise linux hpc node 7.0
redhat enterprise linux 7.2
redhat enterprise linux 6.7
redhat enterprise linux server eus 7.2
redhat enterprise linux server aus 7.2
redhat enterprise linux server 7.0
redhat enterprise linux hpc node eus 7.2
redhat enterprise linux workstation 7.0
redhat enterprise linux desktop 7.0

Synopsis Low: glibc security, bug fix, and enhancement update Type/Severity Security Advisory: Low Topic An update for glibc is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System (CVSS) base sc ...

It was discovered that the calloc implementation in glibc could return memory areas which contain non-zero bytes This could result in unexpected application behavior such as hangs or crashes ...

CWE-17 https://bugzilla.redhat.com/show_bug.cgi?id=1293976 http://rhn.redhat.com/errata/RHSA-2016-0176.html https://bugzilla.redhat.com/show_bug.cgi?id=1246713 https://bugzilla.redhat.com/show_bug.cgi?id=1256285 https://kc.mcafee.com/corporate/index?page=content&id=SB10150 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.securityfocus.com/bid/84172 https://access.redhat.com/errata/RHSA-2016:2573 https://nvd.nist.gov https://alas.aws.amazon.com/ALAS-2016-660.html

CVE-2015-5229

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect