CVE-2015-8778 — CRITICAL (9.8)

Q: How severe is CVE-2015-8778?

CVE-2015-8778 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2015-8778?

Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Fedora, Debian Debian Linux, Canonical Ubuntu Linux, Gnu Glibc, Suse Linux Enterprise Debuginfo.

Vulnerability Description

Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Fedoraproject	Fedora	23
Debian	Debian Linux	8.0
Canonical	Ubuntu Linux	12.04
Gnu	Glibc	<= 2.22
Suse	Linux Enterprise Debuginfo	11
Opensuse	Opensuse	13.2
Suse	Linux Enterprise Desktop	11
Suse	Linux Enterprise Server	11
Suse	Linux Enterprise Software Development Kit	11
Suse	Suse Linux Enterprise Server	12

Related Weaknesses (CWE)

CWE-119

References

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.htmlThird Party Advisory
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-G
http://rhn.redhat.com/errata/RHSA-2017-0680.html
http://seclists.org/fulldisclosure/2019/Sep/7
http://www.debian.org/security/2016/dsa-3480
http://www.debian.org/security/2016/dsa-3481
http://www.openwall.com/lists/oss-security/2016/01/19/11Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/01/20/1Third Party Advisory
http://www.securityfocus.com/bid/83275
http://www.ubuntu.com/usn/USN-2985-1Third Party Advisory

FAQ

What is CVE-2015-8778?

CVE-2015-8778 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the si...

How severe is CVE-2015-8778?

CVE-2015-8778 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2015-8778?

Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Fedora, Debian Debian Linux, Canonical Ubuntu Linux, Gnu Glibc, Suse Linux Enterprise Debuginfo.