CVE-2017-15804 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 67%

Vendor	Product	Version
gnu	glibc	𝑥 ≤ 2.26

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

glibc

bullseye	2.31-13+deb11u11 fixed
wheezy	no-dsa
bullseye (security)	2.31-13+deb11u10 fixed
bookworm	2.36-9+deb12u8 fixed
bookworm (security)	2.36-9+deb12u7 fixed
sid	2.40-3 fixed
trixie	2.40-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

eglibc

hirsute	dne
groovy	dne
focal	dne
eoan	dne
disco	dne
cosmic	dne
bionic	dne
artful	dne
zesty	dne
xenial	dne
trusty	Fixed 2.19-0ubuntu6.14 released

glibc

hirsute	not-affected
groovy	not-affected
focal	not-affected
eoan	not-affected
disco	not-affected
cosmic	not-affected
bionic	not-affected
artful	Fixed 2.26-0ubuntu2.1 released
zesty	ignored
xenial	Fixed 2.23-0ubuntu10 released
trusty	dne

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://www.securityfocus.com/bid/101535

https://access.redhat.com/errata/RHSA-2018:0805

https://access.redhat.com/errata/RHSA-2018:1879

https://sourceware.org/bugzilla/show_bug.cgi?id=22332

https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commit%3Bh=a159b53fa059947cc2548e3b0d5bdcf7b9630ba8

http://www.securityfocus.com/bid/101535

https://access.redhat.com/errata/RHSA-2018:0805

https://access.redhat.com/errata/RHSA-2018:1879

https://sourceware.org/bugzilla/show_bug.cgi?id=22332

https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commit%3Bh=a159b53fa059947cc2548e3b0d5bdcf7b9630ba8