CVE-2015-20109
published 2023-06-25
medium 5.5 (CVSS 3.1)
AV:L / AC:L / PR:N / UI:R / S:U / C:N / I:N / A:H
end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the `**(!()` pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984 but have not fixed this additional fnmatch issue.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | glibc | < glibc 2.22-1 (bookworm) | glibc 2.22-1 (bookworm) |
| eglibc | eglibc | >= 0 < 2.19-0ubuntu6.15+esm3 | 2.19-0ubuntu6.15+esm3 |
| gnu | glibc | < 2.22 | 2.22 |
| gnu | glibc | >= 0 < 2.22-1 | 2.22-1 |
| gnu | glibc | >= 0 < 2.22-1 | 2.22-1 |
| gnu | glibc | >= 0 < 2.22-1 | 2.22-1 |
| gnu | glibc | >= 0 < 2.22-1 | 2.22-1 |
| gnu | glibc | >= 0 < 2.23-0ubuntu11.3+esm6 | 2.23-0ubuntu11.3+esm6 |
| gnu | glibc | >= 0 < 2.27-3ubuntu1.6+esm2 | 2.27-3ubuntu1.6+esm2 |
CVSS provenance
nvd: v3.1, 5.5 MEDIUM, CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv: 9.8 CRITICAL