CVE-2015-1472 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Glibc

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow9 documents8 sources

Severity

7.5HIGHNVD

EPSS

4.8%

top 10.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Glibc Canonical Ubuntu Linux

Timeline

PublishedApr 8

Latest updateMay 14

Description

The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶Debiangnu/glibc< 2.19-15+3

▶NVDgnu/glibc2.20

Also affects: Ubuntu Linux 10.04, 12.04, 14.04, 14.10

🔴Vulnerability Details

GHSA

GHSA-7g3j-xr9q-w6cw: The ADDW macro in stdio-common/vfscanf↗2022-05-14

▶

OSV

CVE-2015-1472: The ADDW macro in stdio-common/vfscanf↗2015-04-08

▶

CVEList

CVE-2015-1472: The ADDW macro in stdio-common/vfscanf↗2015-04-08

▶

📋Vendor Advisories

Ubuntu

GNU C Library vulnerabilities↗2015-02-26

▶

Debian

CVE-2015-1472: glibc - The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc...↗2015

▶

Red Hat

glibc: heap buffer overflow in glibc swscanf↗2014-02-21

▶

💬Community

Bugzilla

CVE-2015-1473 glibc: Stack-overflow in glibc swscanf↗2015-04-06

▶

Bugzilla

CVE-2015-1472 glibc: heap buffer overflow in glibc swscanf↗2015-02-02

▶