CVE-2015-7516
Published 2017-08-24
Priority P336 · high · 7.5 · CVSS 3.0
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 3.69% (88.3th percentile)
ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870).
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| onosproject | onos | <= 1.4.0 | — |
CVSS provenance
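| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
| vendor_redhat | — | 1.9 | LOW | — |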
GHSA
GHSA-jrwf-hwq3-2j8j: ONOS before 1
ghsa_unreviewed · 2022-05-17
CVE-2015-7516 [HIGH] CWE-476 GHSA-jrwf-hwq3-2j8j: ONOS before 1
Red Hat
cpio: --no-absolute-filenames bypass via symlinks
vendor_redhat · 2017-06-05 · CVSS 1.9
CVE-2017-7516 [LOW] CWE-22 cpio: --no-absolute-filenames bypass via symlinks
[REJECTED CVE] A vulnerability was identified in the GNU cpio package where the --no-absolute-filenames option, intended to restrict extraction to the current directory, can be bypassed using crafted symlinks. During extraction, cpio will first create the symlink and then follow it for subsequent entries, allowing a malicious archive to write files outside the intended directory (e.g., /tmp/file). An attacker could exploit this by tricking a user into extracting such an archive, potentially leading to arbitrary file creation, privilege escalation, or data corruption.
Statement: This flaw was found to be a duplicate of CVE-2015-1197. Please see https://access.redhat.com/security/cve/CVE-2015-1197 for information about affected products an
No detection rules found.
No public exploits indexed.
http://www.openwall.com/lists/oss-security/2015/11/26/1
http://www.securityfocus.com/bid/77752
https://gerrit.onosproject.org/#/c/6137/
https://jira.onosproject.org/browse/ONOS-3349
https://wiki.onosproject.org/display/ONOS/Security+advisories