CVE-2015-3256

EUVD-2015-3309
PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
Affected Products (NVD)
VendorProductVersion
polkit_projectpolkit
𝑥
≤ 0.112
opensuseopensuse
13.1
opensuseopensuse
13.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
policykit-1
bookworm
122-3
fixed
bullseye
0.105-31+deb11u1
fixed
bullseye (security)
0.105-31+deb11u1
fixed
sid
125-2
fixed
trixie
125-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
policykit-1
precise
not-affected
trusty
not-affected
vivid
not-affected
Common Weakness Enumeration
References
http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html
http://rhn.redhat.com/errata/RHSA-2016-0189.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/77356
http://www.securitytracker.com/id/1035023
https://bugzilla.redhat.com/show_bug.cgi?id=1245684
http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html
http://rhn.redhat.com/errata/RHSA-2016-0189.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/77356
http://www.securitytracker.com/id/1035023
https://bugzilla.redhat.com/show_bug.cgi?id=1245684