Vulnerability Description
Buffer overflow in the DumpSysVar function in var.c in Remind before 3.1.15 allows attackers to have unspecified impact via a long name.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| openSUSE | openSUSE | 13.1 |
| Roaring Penguin | Remind | <= 3.1.14 |
References
- http://lists.opensuse.org/opensuse-updates/2015-09/msg00025.html
- http://lists.roaringpenguin.com/pipermail/remind-fans/2015/003172.html (Patch)
- http://www.openwall.com/lists/oss-security/2015/07/29/2 (Exploit)
- http://www.openwall.com/lists/oss-security/2015/08/07/1 (Exploit)
- http://www.securityfocus.com/bid/76099
FAQ
What is CVE-2015-5957?
CVE-2015-5957 is a vulnerability with a CVSS score of 10.0 (HIGH). Buffer overflow in the DumpSysVar function in var.c in Remind before 3.1.15 allows attackers to have unspecified impact via a long name.
How severe is CVE-2015-5957?
CVE-2015-5957 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-5957?
Check the references section above for vendor advisories and patch information. Affected products include: openSUSE openSUSE, Roaring Penguin Remind.