CVE-2015-8948

CWE-125 — Out-of-bounds Read13 documents8 sources

Severity

7.5HIGH

EPSS

4.1%

top 11.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Libidn Canonical Ubuntu Linux Opensuse Leap +1 more

Timeline

PublishedSep 7

Latest updateMay 13

Description

idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶Debianlibidn< 1.33-1+3

▶NVDgnu/libidn1.32

▶NVDopensuse/leap42.1

▶NVDopensuse/opensuse13.2

Also affects: Ubuntu Linux 12.04, 14.04, 16.04

Patches

Patch: git.savannah.gnu.org ↗Patch: git.savannah.gnu.org ↗

🔴Vulnerability Details

GHSA

GHSA-5836-cm5m-6hmv: idn in GNU libidn before 1↗2022-05-13

▶

OSV

CVE-2015-8948: idn in GNU libidn before 1↗2016-09-07

▶

CVEList

CVE-2015-8948: idn in GNU libidn before 1↗2016-09-07

▶

OSV

libidn vulnerabilities↗2016-08-24

▶

📋Vendor Advisories

Ubuntu

Libidn vulnerabilities↗2016-08-24

▶

Red Hat

libidn: Out-of-bounds read when reading zero byte as input↗2016-01-14

▶

Red Hat

libidn: Out-of-bounds read due to use of fgets with fixed-size buffer↗2015-08-10

▶

Debian

CVE-2015-8948: libidn - idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive m...↗2015

▶

💬Community

Bugzilla

CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 mingw-libidn: various flaws [fedora-all]↗2016-07-22

▶

Bugzilla

CVE-2015-8948 libidn: Out-of-bounds read due to use of fgets with fixed-size buffer↗2016-07-22

▶

Bugzilla

CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 mingw-libidn: various flaws [epel-7]↗2016-07-22

▶

Bugzilla

CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 libidn: various flaws [fedora-all]↗2016-07-22

▶