CVE-2015-5689

CWE-119 — Buffer Overflow4 documents4 sources

Severity

6.8MEDIUM

EPSS

3.0%

top 13.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Deployment Solution Symantec Ghost Solutions Suite

Timeline

PublishedSep 20

Latest updateMay 17

Description

ghostexp.exe in Ghost Explorer Utility in Symantec Ghost Solutions Suite (GSS) before 3.0 HF2 12.0.0.8010 and Symantec Deployment Solution (DS) before 7.6 HF4 12.0.0.7045 performs improper sign-extend operations before array-element accesses, which allows remote attackers to execute arbitrary code, cause a denial of service (application crash), or possibly obtain sensitive information via a crafted Ghost image.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDsymantec/ghost_solutions_suite6 versions+5

▶NVDsymantec/deployment_solution6.9

🔴Vulnerability Details

GHSA

GHSA-rggv-cpx8-vv74: ghostexp↗2022-05-17

▶

CVEList

CVE-2015-5689: ghostexp↗2015-09-20

▶

OSV

bind9 vulnerabilities↗2015-07-28

▶