CVE-2015-5277
published 2015-12-17CVE-2015-5277: The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users…
high7.2CVSS 3.1
AVLACLAuNCCICAC
The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | glibc | < glibc 2.21-1 (bookworm) | glibc 2.21-1 (bookworm) |
| eglibc | eglibc | >= 0 < 2.19-0ubuntu6.8 | 2.19-0ubuntu6.8 |
| eglibc | eglibc | >= 0 < 2.19-0ubuntu6.9 | 2.19-0ubuntu6.9 |
| gnu | glibc | <= 2.19 | — |
| gnu | glibc | >= 0 < 2.21-1 | 2.21-1 |
| gnu | glibc | >= 0 < 2.21-1 | 2.21-1 |
| gnu | glibc | >= 0 < 2.21-1 | 2.21-1 |
| gnu | glibc | >= 0 < 2.21-1 | 2.21-1 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_hpc_node | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvd7.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv7.2HIGH