CVE-2015-3406 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 79%

Vendor	Product	Version
module-signature_project	module-signature	𝑥 < 0.74
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	14.10
canonical	ubuntu_linux	15.04

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libmodule-signature-perl

bullseye	0.87-1 fixed
bookworm	0.88-2 fixed
sid	0.89-1 fixed
trixie	0.89-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

libmodule-signature-perl

vivid	Fixed 0.73-1ubuntu0.15.04.1 released
utopic	Fixed 0.73-1ubuntu0.14.10.1 released
trusty	Fixed 0.73-1ubuntu0.14.04.1 released
precise	Fixed 0.68-1ubuntu0.12.04.2 released
lucid	ignored

Common Weakness Enumeration

CWE-681 - Incorrect Conversion between Numeric Types
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

References

http://ubuntu.com/usn/usn-2607-1

http://www.openwall.com/lists/oss-security/2015/04/07/1

http://www.openwall.com/lists/oss-security/2015/04/23/17

https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f

https://metacpan.org/changes/distribution/Module-Signature

http://ubuntu.com/usn/usn-2607-1

http://www.openwall.com/lists/oss-security/2015/04/07/1

http://www.openwall.com/lists/oss-security/2015/04/23/17

https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f

https://metacpan.org/changes/distribution/Module-Signature