CVE-2015-5237 — HIGH (8.8) — White Hats Nepal

Q: What is CVE-2015-5237?

CVE-2015-5237 is a vulnerability with a CVSS score of 8.8 (HIGH). protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.

Q: How severe is CVE-2015-5237?

CVE-2015-5237 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-5237?

Check the references section above for vendor advisories and patch information. Affected products include: Google Protobuf.

Vulnerability Description

protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Google	Protobuf	<= 3.1.0

Related Weaknesses (CWE)

CWE-787

References

http://www.openwall.com/lists/oss-security/2015/08/27/2Mailing ListThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1256426Issue TrackingThird Party Advisory
https://github.com/google/protobuf/issues/760Issue TrackingThird Party Advisory
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12e
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d28
https://lists.apache.org/thread.html/r00097d0b5b6164ea428554007121d5dc1f88ba2af7
https://lists.apache.org/thread.html/r00d9ab1fc0f1daf14cd4386564dd84f7889404438d
https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462
https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462
https://lists.apache.org/thread.html/r0ca83171c4898dc92b86fa6f484a7be1dc96206765
https://lists.apache.org/thread.html/r1263fa5b51e4ec3cb8f09ff40e4747428c71198e9b
https://lists.apache.org/thread.html/r14fa8d38d5757254f1a2e112270c996711d514de2e
https://lists.apache.org/thread.html/r17dc6f394429f6bffb5e4c66555d93c2e9923cbbdc
https://lists.apache.org/thread.html/r1d274d647b3c2060df9be21eade4ce56d3a59998cf

FAQ

What is CVE-2015-5237?

CVE-2015-5237 is a vulnerability with a CVSS score of 8.8 (HIGH). protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.

How severe is CVE-2015-5237?

CVE-2015-5237 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-5237?

Check the references section above for vendor advisories and patch information. Affected products include: Google Protobuf.