Vulnerability Description
Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Glibc | <= 2.21 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2017/02/14/9Mailing ListPatchThird Party Advisory
- http://www.securityfocus.com/bid/72740Third Party AdvisoryVDB Entry
- https://sourceware.org/bugzilla/show_bug.cgi?id=17269Issue TrackingPatch
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=bdf1ff052a8e23d637f2c838fa
- https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.htmlThird Party Advisory
- http://www.openwall.com/lists/oss-security/2017/02/14/9Mailing ListPatchThird Party Advisory
- http://www.securityfocus.com/bid/72740Third Party AdvisoryVDB Entry
- https://sourceware.org/bugzilla/show_bug.cgi?id=17269Issue TrackingPatch
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=bdf1ff052a8e23d637f2c838fa
- https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.htmlThird Party Advisory
FAQ
What is CVE-2015-8983?
CVE-2015-8983 is a vulnerability with a CVSS score of 8.1 (HIGH). Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application...
How severe is CVE-2015-8983?
CVE-2015-8983 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-8983?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Glibc.