CVE-2015-1783 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Lasso

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-456 — Missing Initialization of a Variable7 documents6 sources

Severity

7.5HIGHNVD

EPSS

1.1%

top 22.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Entrouvert Lasso Debian Lasso Fedoraproject Fedora

Timeline

PublishedAug 11

Latest updateMay 17

Description

The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause a denial of service (uninitialized memory access and application crash) via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/lasso< lasso 2.4.1-1 (bookworm)

▶Debianentrouvert/lasso< 2.4.1-1+3

▶NVDentrouvert/lasso2.4.0

Also affects: Fedora 20, 21, 22

Patches

Patch: bugzilla.redhat.com ↗Patch: repos.entrouvert.org ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-h78r-gxwp-4fvm: The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause↗2022-05-17

▶

OSV

CVE-2015-1783: The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause↗2017-08-11

▶

📋Vendor Advisories

Red Hat

lasso: use of uninitialized value leading to a crash↗2015-03-09

▶

Debian

CVE-2015-1783: lasso - The prefix variable in the get_or_define_ns function in Lasso before commit 6d85...↗2015

▶

💬Community

Bugzilla

CVE-2015-1783 lasso: use of uninitialized value leading to a crash↗2015-03-09

▶

Bugzilla

CVE-2015-1783 lasso: use of uninitialized value leading to a crash [fedora-all]↗2015-03-09

▶