CVE-2015-8776 — CRITICAL (9.1)

Q: How severe is CVE-2015-8776?

CVE-2015-8776 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2015-8776?

Check the references section above for vendor advisories and patch information. Affected products include: Suse Linux Enterprise Debuginfo, Opensuse Opensuse, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit.

Vulnerability Description

The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.

CVSS Score

9.1

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Suse	Linux Enterprise Debuginfo	11
Opensuse	Opensuse	13.2
Suse	Linux Enterprise Desktop	11
Suse	Linux Enterprise Server	11
Suse	Linux Enterprise Software Development Kit	11
Suse	Suse Linux Enterprise Server	12
Canonical	Ubuntu Linux	12.04
Debian	Debian Linux	8.0
Fedoraproject	Fedora	23
Gnu	Glibc	<= 2.22

Related Weaknesses (CWE)

CWE-189

References

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0680.html
http://www.debian.org/security/2016/dsa-3480
http://www.debian.org/security/2016/dsa-3481Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/01/19/11Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/01/20/1Issue Tracking
http://www.securityfocus.com/bid/83277
http://www.ubuntu.com/usn/USN-2985-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2985-2Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1916

FAQ

What is CVE-2015-8776?

CVE-2015-8776 is a vulnerability with a CVSS score of 9.1 (CRITICAL). The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information...

How severe is CVE-2015-8776?

CVE-2015-8776 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2015-8776?

Check the references section above for vendor advisories and patch information. Affected products include: Suse Linux Enterprise Debuginfo, Opensuse Opensuse, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit.