CVE-2015-3256

PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
VendorProductVersion
polkit_projectpolkit
𝑥
≤ 0.112
opensuseopensuse
13.1
opensuseopensuse
13.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
policykit-1
bullseye
0.105-31+deb11u1
fixed
bullseye (security)
0.105-31+deb11u1
fixed
bookworm
122-3
fixed
sid
125-2
fixed
trixie
125-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
policykit-1
vivid
not-affected
trusty
not-affected
precise
not-affected
Common Weakness Enumeration
References
http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html
http://rhn.redhat.com/errata/RHSA-2016-0189.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/77356
http://www.securitytracker.com/id/1035023
https://bugzilla.redhat.com/show_bug.cgi?id=1245684
http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html
http://rhn.redhat.com/errata/RHSA-2016-0189.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/77356
http://www.securitytracker.com/id/1035023
https://bugzilla.redhat.com/show_bug.cgi?id=1245684