csaf_certbund - wid-sec-w-2022-2008

WID-SEC-W-2022-2008

Vulnerability from csaf_certbund - Published: 2017-02-14 23:00 - Updated: 2025-09-17 22:00

Summary

GNU libc: mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Die GNU libc ist die Basis C Bibliothek unter Linux sowie anderen Unix-Betriebssystemen, welche die Systemaufrufe sowie Basisfunktionalität bereitstellt.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in GNU libc ausnutzen, um beliebigen Programmcode mit den Rechten des Angegriffenen auszuführen oder einen Denial of Service Angriff durchführen.

Betroffene Betriebssysteme

- F5 Networks - Linux - UNIX

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die GNU libc ist die Basis C Bibliothek unter Linux sowie anderen Unix-Betriebssystemen, welche die Systemaufrufe sowie Basisfunktionalit\u00e4t bereitstellt.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in GNU libc ausnutzen, um beliebigen Programmcode mit den Rechten des Angegriffenen auszuf\u00fchren oder einen Denial of Service Angriff durchf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- F5 Networks\n- Linux\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-2008 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2017/wid-sec-w-2022-2008.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-2008 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2008"
      },
      {
        "category": "external",
        "summary": "Meldung auf der oss-sec Mailing Liste vom 2017-02-14",
        "url": "http://seclists.org/oss-sec/2017/q1/437"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3239-1 vom 2017-03-21",
        "url": "http://www.ubuntu.com/usn/usn-3239-1/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3239-2 vom 2017-03-22",
        "url": "http://www.ubuntu.com/usn/usn-3239-2/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3239-3 vom 2017-03-24",
        "url": "http://www.ubuntu.com/usn/usn-3239-3/"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K25552364 vom 2017-04-25",
        "url": "https://support.f5.com/csp/article/K25552364"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K39204079 vom 2017-04-26",
        "url": "https://support.f5.com/csp/article/K39204079"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K29241247 vom 2017-04-26",
        "url": "https://support.f5.com/csp/article/K29241247"
      },
      {
        "category": "external",
        "summary": "GENTOO Security Advisory GLSA201908-06 vom 2019-08-15",
        "url": "https://security.gentoo.org/glsa/201908-06"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2019-4753 vom 2019-08-19",
        "url": "http://linux.oracle.com/errata/ELSA-2019-4753.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-0348 vom 2021-02-04",
        "url": "https://linux.oracle.com/errata/ELSA-2021-0348.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:0832-1 vom 2022-03-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010437.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:14923-1 vom 2022-03-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010489.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2022-1869 vom 2022-11-09",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1869.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:3942-1 vom 2022-11-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/012879.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:3942-2 vom 2022-11-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013175.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12444 vom 2024-06-19",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12444.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-20596 vom 2025-09-17",
        "url": "https://linux.oracle.com/errata/ELSA-2025-20596.html"
      }
    ],
    "source_lang": "en-US",
    "title": "GNU libc: mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-09-17T22:00:00.000+00:00",
      "generator": {
        "date": "2025-09-18T07:16:09.759+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2022-2008",
      "initial_release_date": "2017-02-14T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2017-02-14T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2017-02-14T23:00:00.000+00:00",
          "number": "2",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-03-20T23:00:00.000+00:00",
          "number": "3",
          "summary": "New remediations available"
        },
        {
          "date": "2017-03-21T23:00:00.000+00:00",
          "number": "4",
          "summary": "New remediations available"
        },
        {
          "date": "2017-03-23T23:00:00.000+00:00",
          "number": "5",
          "summary": "New remediations available"
        },
        {
          "date": "2017-04-25T22:00:00.000+00:00",
          "number": "6",
          "summary": "New remediations available"
        },
        {
          "date": "2017-04-25T22:00:00.000+00:00",
          "number": "7",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-04-26T22:00:00.000+00:00",
          "number": "8",
          "summary": "New remediations available"
        },
        {
          "date": "2019-08-15T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von GENTOO aufgenommen"
        },
        {
          "date": "2019-08-19T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2021-02-03T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2022-03-14T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-03-21T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-11-09T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2022-11-10T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-11-30T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-06-18T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2025-09-17T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        }
      ],
      "status": "final",
      "version": "18"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "F5 BIG-IP",
            "product": {
              "name": "F5 BIG-IP",
              "product_id": "T001663",
              "product_identification_helper": {
                "cpe": "cpe:/a:f5:big-ip:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "F5"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Gentoo Linux",
            "product": {
              "name": "Gentoo Linux",
              "product_id": "T012167",
              "product_identification_helper": {
                "cpe": "cpe:/o:gentoo:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Gentoo"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source GNU libc",
            "product": {
              "name": "Open Source GNU libc",
              "product_id": "190376",
              "product_identification_helper": {
                "cpe": "cpe:/a:gnu:glibc:2.17"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-8982",
      "product_status": {
        "known_affected": [
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "T004914",
          "190376"
        ]
      },
      "release_date": "2017-02-14T23:00:00.000+00:00",
      "title": "CVE-2015-8982"
    },
    {
      "cve": "CVE-2015-8983",
      "product_status": {
        "known_affected": [
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "T004914",
          "190376"
        ]
      },
      "release_date": "2017-02-14T23:00:00.000+00:00",
      "title": "CVE-2015-8983"
    },
    {
      "cve": "CVE-2015-8984",
      "product_status": {
        "known_affected": [
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "T004914",
          "190376"
        ]
      },
      "release_date": "2017-02-14T23:00:00.000+00:00",
      "title": "CVE-2015-8984"
    },
    {
      "cve": "CVE-2015-8985",
      "product_status": {
        "known_affected": [
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "T004914",
          "190376"
        ]
      },
      "release_date": "2017-02-14T23:00:00.000+00:00",
      "title": "CVE-2015-8985"
    }
  ]
}

CVE-2015-8982 (GCVE-0-2015-8982)

Vulnerability from cvelistv5 – Published: 2017-03-15 19:00 – Updated: 2024-08-06 08:36

Summary

Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.openwall.com/lists/oss-security/2017/02/14/9	mailing-listx_refsource_MLIST
	http://www.securityfocus.com/bid/72602	vdb-entryx_refsource_BID
	https://sourceware.org/bugzilla/show_bug.cgi?id=16009	x_refsource_CONFIRM
	https://sourceware.org/git/gitweb.cgi?p=glibc.git…	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2015/02/13/3	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rf4c02775860…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r58af02e294b…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:36:31.166Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20170214 Re: Pending CVE requests for glibc",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2017/02/14/9"
          },
          {
            "name": "72602",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/72602"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=16009"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=0f9e585480ed"
          },
          {
            "name": "[oss-security] 20150213 CVE Requests - glibc overflows (strxfrm)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/02/13/3"
          },
          {
            "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-10-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-29T14:08:46",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20170214 Re: Pending CVE requests for glibc",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2017/02/14/9"
        },
        {
          "name": "72602",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/72602"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=16009"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=0f9e585480ed"
        },
        {
          "name": "[oss-security] 20150213 CVE Requests - glibc overflows (strxfrm)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/02/13/3"
        },
        {
          "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8982",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20170214 Re: Pending CVE requests for glibc",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2017/02/14/9"
            },
            {
              "name": "72602",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/72602"
            },
            {
              "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=16009",
              "refsource": "CONFIRM",
              "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=16009"
            },
            {
              "name": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f9e585480ed",
              "refsource": "CONFIRM",
              "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f9e585480ed"
            },
            {
              "name": "[oss-security] 20150213 CVE Requests - glibc overflows (strxfrm)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/02/13/3"
            },
            {
              "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8982",
    "datePublished": "2017-03-15T19:00:00",
    "dateReserved": "2017-02-14T00:00:00",
    "dateUpdated": "2024-08-06T08:36:31.166Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8984 (GCVE-0-2015-8984)

Vulnerability from cvelistv5 – Published: 2017-03-20 16:00 – Updated: 2024-08-06 08:36

Summary

The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.openwall.com/lists/oss-security/2017/02/14/9	mailing-listx_refsource_MLIST
	http://www.securityfocus.com/bid/72789	vdb-entryx_refsource_BID
	http://www.openwall.com/lists/oss-security/2015/02/26/5	mailing-listx_refsource_MLIST
	https://sourceware.org/git/gitweb.cgi?p=glibc.git…	x_refsource_CONFIRM
	https://www.sourceware.org/ml/libc-alpha/2015-08/…	mailing-listx_refsource_MLIST
	https://sourceware.org/bugzilla/show_bug.cgi?id=18032	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:36:31.160Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20170214 Re: Pending CVE requests for glibc",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2017/02/14/9"
          },
          {
            "name": "72789",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/72789"
          },
          {
            "name": "[oss-security] 20150226 CVE request: glibc: potential application crash due to overread in fnmatch",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/02/26/5"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=4a28f4d55a6cc33474c0792fe93b5942d81bf185"
          },
          {
            "name": "[libc-alpha] 20150814 The GNU C Library version 2.22 is now available",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18032"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-02-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-20T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20170214 Re: Pending CVE requests for glibc",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2017/02/14/9"
        },
        {
          "name": "72789",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/72789"
        },
        {
          "name": "[oss-security] 20150226 CVE request: glibc: potential application crash due to overread in fnmatch",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/02/26/5"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=4a28f4d55a6cc33474c0792fe93b5942d81bf185"
        },
        {
          "name": "[libc-alpha] 20150814 The GNU C Library version 2.22 is now available",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18032"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8984",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20170214 Re: Pending CVE requests for glibc",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2017/02/14/9"
            },
            {
              "name": "72789",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/72789"
            },
            {
              "name": "[oss-security] 20150226 CVE request: glibc: potential application crash due to overread in fnmatch",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/02/26/5"
            },
            {
              "name": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185",
              "refsource": "CONFIRM",
              "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185"
            },
            {
              "name": "[libc-alpha] 20150814 The GNU C Library version 2.22 is now available",
              "refsource": "MLIST",
              "url": "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html"
            },
            {
              "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=18032",
              "refsource": "CONFIRM",
              "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18032"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8984",
    "datePublished": "2017-03-20T16:00:00",
    "dateReserved": "2017-02-14T00:00:00",
    "dateUpdated": "2024-08-06T08:36:31.160Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8983 (GCVE-0-2015-8983)

Vulnerability from cvelistv5 – Published: 2017-03-20 16:00 – Updated: 2024-08-06 08:36

Summary

Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.openwall.com/lists/oss-security/2017/02/14/9	mailing-listx_refsource_MLIST
	https://sourceware.org/bugzilla/show_bug.cgi?id=17269	x_refsource_CONFIRM
	https://www.sourceware.org/ml/libc-alpha/2015-08/…	mailing-listx_refsource_MLIST
	https://sourceware.org/git/gitweb.cgi?p=glibc.git…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/72740	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:36:31.303Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20170214 Re: Pending CVE requests for glibc",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2017/02/14/9"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=17269"
          },
          {
            "name": "[libc-alpha] 20150814 The GNU C Library version 2.22 is now available",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=bdf1ff052a8e23d637f2c838fa5642d78fcedc33"
          },
          {
            "name": "72740",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/72740"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-02-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-20T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20170214 Re: Pending CVE requests for glibc",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2017/02/14/9"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=17269"
        },
        {
          "name": "[libc-alpha] 20150814 The GNU C Library version 2.22 is now available",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=bdf1ff052a8e23d637f2c838fa5642d78fcedc33"
        },
        {
          "name": "72740",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/72740"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8983",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20170214 Re: Pending CVE requests for glibc",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2017/02/14/9"
            },
            {
              "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=17269",
              "refsource": "CONFIRM",
              "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=17269"
            },
            {
              "name": "[libc-alpha] 20150814 The GNU C Library version 2.22 is now available",
              "refsource": "MLIST",
              "url": "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html"
            },
            {
              "name": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33",
              "refsource": "CONFIRM",
              "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33"
            },
            {
              "name": "72740",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/72740"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8983",
    "datePublished": "2017-03-20T16:00:00",
    "dateReserved": "2017-02-14T00:00:00",
    "dateUpdated": "2024-08-06T08:36:31.303Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8985 (GCVE-0-2015-8985)

Vulnerability from cvelistv5 – Published: 2017-03-20 16:00 – Updated: 2024-08-06 08:36

Summary

The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.openwall.com/lists/oss-security/2017/02/14/9	mailing-listx_refsource_MLIST
	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/76916	vdb-entryx_refsource_BID
	https://security.gentoo.org/glsa/201908-06	vendor-advisoryx_refsource_GENTOO

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:36:31.172Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20170214 Re: Pending CVE requests for glibc",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2017/02/14/9"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392"
          },
          {
            "name": "76916",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/76916"
          },
          {
            "name": "GLSA-201908-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201908-06"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-02-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-15T17:06:10",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20170214 Re: Pending CVE requests for glibc",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2017/02/14/9"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392"
        },
        {
          "name": "76916",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/76916"
        },
        {
          "name": "GLSA-201908-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201908-06"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8985",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20170214 Re: Pending CVE requests for glibc",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2017/02/14/9"
            },
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392",
              "refsource": "CONFIRM",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392"
            },
            {
              "name": "76916",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/76916"
            },
            {
              "name": "GLSA-201908-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201908-06"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8985",
    "datePublished": "2017-03-20T16:00:00",
    "dateReserved": "2017-02-14T00:00:00",
    "dateUpdated": "2024-08-06T08:36:31.172Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2022-2008

CVE-2015-8982 (GCVE-0-2015-8982)

CVE-2015-8984 (GCVE-0-2015-8984)

CVE-2015-8983 (GCVE-0-2015-8983)

CVE-2015-8985 (GCVE-0-2015-8985)

Tags

Sightings

Nomenclature