PT-2015-7847 · Gnu+3 · Glibc+3

Florian Weimer

+1

·

Published

2015-12-09

·

Updated

2022-03-21

·

CVE-2015-8983

CVSS v3.1

8.1

High

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions GNU C Library (aka glibc or libc6) versions prior to 2.22
Description The issue is related to an integer overflow in the IO wstr overflow function, which can lead to a denial of service (application crash) or possibly allow execution of arbitrary code. This is triggered by computing a size in bytes, resulting in a heap-based buffer overflow.
Recommendations For versions prior to 2.22, update to version 2.22 or later to resolve the issue. As a temporary workaround, consider restricting the use of the IO wstr overflow function to minimize the risk of exploitation.

Exploit

Fix

DoS

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALT-PU-2015-2084
CVE-2015-8983
DLA-316-1
SUSE-SU-2022:14923-1
SUSE-SU-2022_14923-1
USN-3239-1
USN-3239-2

Affected Products

Alt Linux
Suse
Ubuntu
Glibc