CVE-2015-8983
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.
Desbordamiento de entero en la función _IO_wstr_overflow en libio/wstrops.c en GNU C Library (también conocida como glibc o libc6) en versiones anteriores a 2.22 permite a atacantes dependientes del contexto provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores relacionados con calcular un tamaño en, lo que desencadena un desbordamiento de búfer basado en memoria dinámica.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-02-14 CVE Reserved
- 2017-03-20 CVE Published
- 2023-11-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/72740 | Third Party Advisory | |
| https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=bdf1ff052a8e23d637f2c838fa5642d78fcedc33 | X_refsource_confirm | |
| https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html | Mailing List |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2017/02/14/9 | 2023-11-07 | |
| https://sourceware.org/bugzilla/show_bug.cgi?id=17269 | 2023-11-07 |
| URL | Date | SRC |
|---|