CVE-2015-1473 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Glibc

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121 — Stack-based Buffer Overflow8 documents8 sources

Severity

6.4MEDIUMNVD

EPSS

0.4%

top 36.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Glibc Canonical Ubuntu Linux

Timeline

PublishedApr 8

Latest updateMay 17

Description

The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages2 packages

▶Debiangnu/glibc< 2.19-15+3

▶NVDgnu/glibc2.20

Also affects: Ubuntu Linux 10.04, 12.04, 14.04, 14.10

🔴Vulnerability Details

GHSA

GHSA-jx9c-49v7-hj5h: The ADDW macro in stdio-common/vfscanf↗2022-05-17

▶

OSV

CVE-2015-1473: The ADDW macro in stdio-common/vfscanf↗2015-04-08

▶

CVEList

CVE-2015-1473: The ADDW macro in stdio-common/vfscanf↗2015-04-08

▶

📋Vendor Advisories

Ubuntu

GNU C Library vulnerabilities↗2015-02-26

▶

Debian

CVE-2015-1473: glibc - The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc...↗2015

▶

Red Hat

glibc: Stack-overflow in glibc swscanf↗2014-02-21

▶

💬Community

Bugzilla

CVE-2015-1473 glibc: Stack-overflow in glibc swscanf↗2015-04-06

▶