CVE-2015-3256 — Out-of-bounds Write in Project Polkit

CWE-2646 documents6 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 76.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Polkit Project Polkit Opensuse

Timeline

PublishedOct 26

Latest updateMay 14

Description

PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation."

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

▶NVDpolkit_project/polkit0.112

▶NVDopensuse/opensuse13.1, 13.2+1

🔴Vulnerability Details

GHSA

GHSA-779g-mjcq-vffm: PolicyKit (aka polkit) before 0↗2022-05-14

▶

CVEList

CVE-2015-3256: PolicyKit (aka polkit) before 0↗2015-10-26

▶

📋Vendor Advisories

Red Hat

polkit: Memory corruption via javascript rule evaluation↗2015-07-02

▶

Debian

CVE-2015-3256: policykit-1 - PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of serv...↗2015

▶

💬Community

Bugzilla

CVE-2015-3256 polkit: Memory corruption via javascript rule evaluation↗2015-07-22

▶