cbcvebase.
CVE-2015-8984
published 2017-03-20

CVE-2015-8984: The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application…

medium5.9CVSS 3.0
AVNACHPRNUINSUCNINAH
The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.

Affected

16 ranges
VendorProductVersion rangeFixed in
debianglibc< glibc 2.22-1 (bookworm)glibc 2.22-1 (bookworm)
debianglibc< glibc 2.21-1 (bookworm)glibc 2.21-1 (bookworm)
eglibceglibc>= 0 < 2.19-0ubuntu6.102.19-0ubuntu6.10
eglibceglibc>= 0 < 2.19-0ubuntu6.112.19-0ubuntu6.11
gnuglibc< 2.222.22
gnuglibc<= 2.21
gnuglibc>= 0 < 2.22-12.22-1
gnuglibc>= 0 < 2.21-12.21-1
gnuglibc>= 0 < 2.22-12.22-1
gnuglibc>= 0 < 2.21-12.21-1
gnuglibc>= 0 < 2.22-12.22-1
gnuglibc>= 0 < 2.21-12.21-1
gnuglibc>= 0 < 2.22-12.22-1
gnuglibc>= 0 < 2.21-12.21-1
gnuglibc>= 0 < 2.23-0ubuntu62.23-0ubuntu6
gnuglibc>= 0 < 2.23-0ubuntu72.23-0ubuntu7

CVSS provenance

nvdv3.05.9MEDIUMCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv7.5HIGH