CVE-2015-1515
published 2015-02-19CVE-2015-1515: The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain…
PriorityP338high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
1.05%
59.9th percentile
The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222000, 0x00222004, 0x00222008, 0x0022200c, or 0x00222010 IOCTL call.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| softsphere | defensewall_personal_firewall | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Bugzilla
CVE-2016-1515 libebml: Multiple ElementList Double Free Vulnerabilities
bugzilla·2017-01-12·CVSS 9.6
CVE-2016-1515 [CRITICAL] CVE-2016-1515 libebml: Multiple ElementList Double Free Vulnerabilities
CVE-2016-1515 libebml: Multiple ElementList Double Free Vulnerabilities
A vulnerability was found in libebml. A use after free/double free vulnerability can occur in libebml while parsing Track elements of the MKV container which would crash the application.
References:
http://www.talosintelligence.com/reports/TALOS-2016-0037/
Discussion:
Created libebml tracking bugs for this issue:
Affects: epel-all [bug 1412634]
Affects: fedora-all [bug 1412633]
---
Upon closer investigation, I believe it is a duplicate of CVE-2015-8789 (bug 1276332) and will close it as such upon confirmation from upstream.
---
*** This bug has been marked as a duplicate of bug 1276332 ***
Bugzilla
CVE-2015-2328 pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20)
bugzilla·2015-11-25·CVSS 7.5
CVE-2015-2328 [HIGH] CVE-2015-2328 pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20)
CVE-2015-2328 pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20)
A stack-based buffer overflow vulnerability was found in compile_regex(), triggered via crafted regular expression.
Upstream bug (contains reproducer):
https://bugs.exim.org/show_bug.cgi?id=1515
Upstream patch:
http://vcs.pcre.org/pcre?view=revision&revision=1498
CVE request:
http://www.openwall.com/lists/oss-security/2015/05/31/4
Discussion:
Created pcre tracking bugs for this issue:
Affects: fedora-all [bug 1285401]
---
Upstream fixed it in 8.36. Simple reproducer is crash when compiling /((?(R)a|(?1)))*/ expression.
---
This has already been fixed as bug #1128577 in Fedora. No supported Fedora is affected since 2014-08-11.
---
This is not a stack
2015-02-19
Published