CVE-2015-8984 — Out-of-bounds Read in Glibc

CWE-125 — Out-of-bounds Read CWE-404 — Improper Resource Shutdown or Release10 documents8 sources

Severity

5.9MEDIUMNVD

EPSS

0.8%

top 26.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Glibc

Timeline

PublishedMar 20

Latest updateJun 25

Description

The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶Debiangnu/glibc< 2.21-1+3

▶NVDgnu/glibc2.21

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗Patch: sourceware.org ↗

🔴Vulnerability Details

GHSA

GHSA-cpjm-j6p4-7vf4: The fnmatch function in the GNU C Library (aka glibc or libc6) before 2↗2022-05-17

▶

OSV

CVE-2015-8984: The fnmatch function in the GNU C Library (aka glibc or libc6) before 2↗2017-03-20

▶

CVEList

CVE-2015-8984: The fnmatch function in the GNU C Library (aka glibc or libc6) before 2↗2017-03-20

▶

📋Vendor Advisories

Red Hat

glibc: buffer overflow (read past end of buffer) in internal_fnmatch=>end_pattern with "**(!()" pattern↗2023-06-25

▶

Ubuntu

GNU C Library vulnerabilities↗2017-03-21

▶

Red Hat

glibc: potential denial of service in internal_fnmatch()↗2015-02-26

▶

Debian

CVE-2015-8984: glibc - The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might...↗2015

▶

💬Community

Bugzilla

CVE-2015-8984 glibc: potential denial of service in internal_fnmatch() [fedora-all]↗2015-03-02

▶

Bugzilla

CVE-2015-8984 glibc: potential denial of service in internal_fnmatch()↗2015-03-02

▶