// For flags

CVE-2016-15024

doomsider shadow denial of service

Severity Score

5.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability was found in doomsider shadow. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be difficult. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 3332c5ba9ec3014ddc74e2147190a050eee97bc0. It is recommended to apply a patch to fix this issue. VDB-221478 is the identifier assigned to this vulnerability.

Es wurde eine problematische Schwachstelle in doomsider shadow ausgemacht. Dabei betrifft es einen unbekannter Codeteil. Durch Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Die Komplexität eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden. Der Patch wird als 3332c5ba9ec3014ddc74e2147190a050eee97bc0 bezeichnet. Als bestmögliche Massnahme wird Patching empfohlen.

*Credits: VulDB GitHub Commit Analyzer
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
Attack Vector
Local
Attack Complexity
High
Authentication
Single
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-02-18 CVE Reserved
  • 2023-02-19 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-09-11 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-404: Improper Resource Shutdown or Release
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Doomsider Shadow Project
Search vendor "Doomsider Shadow Project"
Doomsider Shadow
Search vendor "Doomsider Shadow Project" for product "Doomsider Shadow"
< 2016-06-09
Search vendor "Doomsider Shadow Project" for product "Doomsider Shadow" and version " < 2016-06-09"
-
Affected