Published: 19/04/2016 Updated: 30/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Integer overflow in the GNU C Library (aka glibc or libc6) prior to 2.23 allows context-dependent malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.

Vulnerable Product	Search on Vulmon	Subscribe to Product
fedoraproject fedora 23
debian debian linux 8.0
canonical ubuntu linux 15.10
canonical ubuntu linux 12.04
canonical ubuntu linux 14.04
gnu glibc
suse linux enterprise desktop 11
suse linux enterprise server 11
suse linux enterprise software development kit 12
suse suse linux enterprise server 12
suse linux enterprise desktop 12
suse linux enterprise debuginfo 11
opensuse opensuse 13.2
suse linux enterprise server 12
suse linux enterprise software development kit 11

Synopsis Moderate: glibc security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for glibc is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base s ...

Several security issues were fixed in the GNU C Library ...

USN-2985-1 introduced a regression in the GNU C Library ...

Several vulnerabilities have been fixed in the GNU C Library, glibc The first vulnerability listed below is considered to have critical impact CVE-2015-7547 The Google Security Team and Red Hat discovered that the glibc host name resolver function, getaddrinfo, when processing AF_UNSPEC queries (for dual A/AAAA lookups), could misman ...

Debian Bug report logs - #813187 glibc: CVE-2014-9761: Unbounded stack allocation in nan* functions Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 30 Jan 2016 09:33:11 UTC Severity: normal Tags: fix ...

Debian Bug report logs - #812441 glibc: CVE-2015-8778: Integer overflow in hcreate and hcreate_r Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 23 Jan 2016 23:36:02 UTC Severity: important Tags: fix ...

Debian Bug report logs - #812445 glibc: CVE-2015-8776: Segmentation fault caused by passing out-of-range data to strftime() Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 23 Jan 2016 23:42:02 UTC Se ...

Debian Bug report logs - #812455 glibc: CVE-2015-8779: Unbounded stack allocation in catopen function Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 24 Jan 2016 00:45:01 UTC Severity: important Tags ...

Unbounded stack allocation in catopen functionA stack based buffer overflow vulnerability was found in the catopen() function An excessively long string passed to the function could cause it to crash or, potentially, execute arbitrary code(CVE-2015-8779) Integer overflow in hcreate and hcreate_rAn integer overflow vulnerability was found in hcrea ...

An integer overflow vulnerability was found in hcreate() and hcreate_r() functions which could result in an out-of-bounds memory access This could lead to application crash or, potentially, arbitrary code execution ...

Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities ...

Full Disclosure mailing list archives   By Date By Thread </form>    SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X <!--X-Subject-Head ...

CWE-119 http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html https://sourceware.org/bugzilla/show_bug.cgi?id=18240 http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html http://www.debian.org/security/2016/dsa-3481 http://www.openwall.com/lists/oss-security/2016/01/19/11 https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html http://www.openwall.com/lists/oss-security/2016/01/20/1 http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html http://www.ubuntu.com/usn/USN-2985-2 http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html https://security.gentoo.org/glsa/201602-02 http://www.ubuntu.com/usn/USN-2985-1 http://www.securityfocus.com/bid/83275 http://www.debian.org/security/2016/dsa-3480 https://security.gentoo.org/glsa/201702-11 https://access.redhat.com/errata/RHSA-2017:1916 http://rhn.redhat.com/errata/RHSA-2017-0680.html http://seclists.org/fulldisclosure/2019/Sep/7 https://seclists.org/bugtraq/2019/Sep/7 http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html https://access.redhat.com/errata/RHSA-2017:0680 https://nvd.nist.gov https://usn.ubuntu.com/2985-1/

CVE-2015-8778

Vulnerability Summary

Vendor Advisories

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect