CVE-2017-7523
21.07.2017, 22:29
Cygwin versions 1.7.2 up to and including 1.8.0 are vulnerable to buffer overflow vulnerability in wcsxfrm/wcsxfrm_l functions resulting into denial-of-service by crashing the process or potential hijack of the process running with administrative privileges triggered by specially crafted input string.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| cygwin | cygwin | 1.7.2 |
| cygwin | cygwin | 1.7.3 |
| cygwin | cygwin | 1.7.5 |
| cygwin | cygwin | 1.7.6 |
| cygwin | cygwin | 1.7.7 |
| cygwin | cygwin | 1.7.8 |
| cygwin | cygwin | 1.7.9 |
| cygwin | cygwin | 1.7.10 |
| cygwin | cygwin | 1.7.11 |
| cygwin | cygwin | 1.7.12 |
| cygwin | cygwin | 1.7.13 |
| cygwin | cygwin | 1.7.14 |
| cygwin | cygwin | 1.7.15 |
| cygwin | cygwin | 1.7.16 |
| cygwin | cygwin | 1.7.17 |
| cygwin | cygwin | 1.7.18 |
| cygwin | cygwin | 1.7.19 |
| cygwin | cygwin | 1.7.21 |
| cygwin | cygwin | 1.7.22 |
| cygwin | cygwin | 1.7.23 |
| cygwin | cygwin | 1.7.24 |
| cygwin | cygwin | 1.7.25 |
| cygwin | cygwin | 1.7.26 |
| cygwin | cygwin | 1.7.27 |
| cygwin | cygwin | 1.7.28 |
| cygwin | cygwin | 1.7.29 |
| cygwin | cygwin | 1.7.31 |
| cygwin | cygwin | 1.7.32 |
| cygwin | cygwin | 1.7.33 |
| cygwin | cygwin | 1.7.34 |
| cygwin | cygwin | 1.7.35 |
| cygwin | cygwin | 1.8.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory BufferThe software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.