Vulnerability Description
The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opensuse | Opensuse | 13.1 |
| Standards Based Linux Instrumentation | Sblim-Sfcb | 1.3.4 |
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172634.h
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172659.h
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172667.h
- http://lists.opensuse.org/opensuse-updates/2015-09/msg00019.html
- http://www.openwall.com/lists/oss-security/2015/08/21/2Exploit
- http://www.securityfocus.com/bid/91212
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172634.h
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172659.h
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172667.h
- http://lists.opensuse.org/opensuse-updates/2015-09/msg00019.html
- http://www.openwall.com/lists/oss-security/2015/08/21/2Exploit
- http://www.securityfocus.com/bid/91212
FAQ
What is CVE-2015-5185?
CVE-2015-5185 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty classNam...
How severe is CVE-2015-5185?
CVE-2015-5185 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-5185?
Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Opensuse, Standards Based Linux Instrumentation Sblim-Sfcb.