CVE-2015-0278 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	10 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:C/I:C/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 81%

Affected Products (NVD)

Vendor	Product	Version
libuv_project	libuv	𝑥 ≤ 0.10.33
nodejs	node.js	𝑥 < 0.10.37

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

libuv

artful	not-affected
bionic	not-affected
cosmic	dne
disco	dne
lucid	dne
precise	dne
trusty	dne
utopic	ignored
vivid	not-affected
wily	not-affected
xenial	not-affected
yakkety	not-affected
zesty	not-affected

Common Weakness Enumeration

CWE-273 - Improper Check for Dropped Privileges
The software attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.

References

http://advisories.mageia.org/MGASA-2015-0186.html

http://www.mandriva.com/security/advisories?name=MDVSA-2015:228

https://github.com/libuv/libuv/commit/66ab38918c911bcff025562cf06237d7fedaba0c

https://github.com/libuv/libuv/pull/215

https://groups.google.com/forum/#%21msg/libuv/0JZxwLMtsMI/jraczskYWWQJ

https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150526.html

https://security.gentoo.org/glsa/201611-10

http://advisories.mageia.org/MGASA-2015-0186.html

http://www.mandriva.com/security/advisories?name=MDVSA-2015:228

https://github.com/libuv/libuv/commit/66ab38918c911bcff025562cf06237d7fedaba0c

https://github.com/libuv/libuv/pull/215

https://groups.google.com/forum/#%21msg/libuv/0JZxwLMtsMI/jraczskYWWQJ

https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150526.html

https://security.gentoo.org/glsa/201611-10