Bug 1188235 (CVE-2015-1472)
Summary: | CVE-2015-1472 glibc: heap buffer overflow in glibc swscanf | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vasyl Kaigorodov <vkaigoro> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | arjun.is, ashankar, carnil, codonell, fweimer, jakub, jrusnack, law, magoldma, mnewsome, pfrankli, slawomir, tfrazier |
Target Milestone: | --- | Keywords: | Reopened, Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
A heap-based buffer overflow flaw was found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use this flaw to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2015-11-20 05:49:53 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1188237, 1209106, 1209107, 1242303 | ||
Bug Blocks: | 1188240, 1210268, 1262918 |
Description
Vasyl Kaigorodov
2015-02-02 11:45:11 UTC
Created glibc tracking bugs for this issue: Affects: fedora-all [bug 1188237] Now fixed in upstream. commit 5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06 Author: Paul Pluzhnikov <ppluzhnikov> Date: Fri Feb 6 00:30:42 2015 -0500 CVE-2015-1472: wscanf allocates too little memory BZ #16618 Under certain conditions wscanf can allocate too little memory for the to-be-scanned arguments and overflow the allocated buffer. The implementation now correctly computes the required buffer size when using malloc. A regression test was added to tst-sscanf. glibc-2.20-8.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. Statement: This issue did not affect the versions of glibc as shipped with Red Hat Enterprise Linux 5 and 6 as they did use different memory allocation algorithm in swscanf() function. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2199 https://rhn.redhat.com/errata/RHSA-2015-2199.html This issue has been addressed in the following products: Red Hat Enterprise Linux 7.1 EUS - Server and Compute Node Only Red Hat Enterprise Linux 7.1 EUS - Server and Compute Node Only Via RHSA-2015:2589 https://rhn.redhat.com/errata/RHSA-2015-2589.html |