Bug 1209105 (CVE-2015-1473) - CVE-2015-1473 glibc: Stack-overflow in glibc swscanf
Summary: CVE-2015-1473 glibc: Stack-overflow in glibc swscanf
Status: CLOSED ERRATA
Alias: CVE-2015-1473
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 1209106 1209107
Blocks: 1188240 1210268 1262918
Reported: 2015-04-06 06:55 UTC by Huzaifa S. Sidhpurwala
Modified: 2021-02-17 05:27 UTC
Last Closed: 2015-11-20 05:54:22 UTC

Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Bugzilla | 1188235 | 0 | low | CLOSED | CVE-2015-1472 glibc: heap buffer overflow in glibc swscanf | 2021-02-22 00:41:40 UTC
Red Hat Product Errata | RHSA-2015:2199 | 0 | normal | SHIPPED_LIVE | Moderate: glibc security, bug fix, and enhancement update | 2015-11-19 08:04:22 UTC
Red Hat Product Errata | RHSA-2015:2589 | 0 | normal | SHIPPED_LIVE | Important: glibc security update | 2015-12-09 13:57:25 UTC

Description Huzaifa S. Sidhpurwala 2015-04-06 06:55:10 UTC
It was found that the malloc fallback logic when running *scanf() does not happen at the precise moment (scanf chooses between heap and stack); this can lead to a stack-overflow in certain configurations.

Reference:

https://security-tracker.debian.org/tracker/CVE-2015-1473

Comment 2 Martin Sebor 2015-06-03 18:08:24 UTC
This report is a duplicate of bug 1188235 - (CVE-2015-1472) CVE-2015-1472 glibc: heap buffer overflow in glibc swscanf.

Comment 3 Huzaifa S. Sidhpurwala 2015-07-17 06:00:31 UTC
(In reply to Martin Sebor from comment #2)
> This report is a duplicate of bug 1188235 - (CVE-2015-1472) CVE-2015-1472
> glibc: heap buffer overflow in glibc swscanf.

Not as per Debian, see difference between:

https://security-tracker.debian.org/tracker/CVE-2015-1472 and
https://security-tracker.debian.org/tracker/CVE-2015-1473

Comment 5 Martin Sebor 2015-07-17 14:48:07 UTC
(In reply to Huzaifa S. Sidhpurwala from comment #3)
> Not as per Debian, see difference between:
> 
> https://security-tracker.debian.org/tracker/CVE-2015-1472 and
> https://security-tracker.debian.org/tracker/CVE-2015-1473

Sorry, I don't see it. The upstream bug and fix are the same in both:

Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=16618
Fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06

Comment 6 Vincent Danen 2015-08-22 05:59:37 UTC
Statement:

This issue does not affect the version of glibc package as shipped with Red Hat Enterprise Linux 5 and 6.

Comment 8 errata-xmlrpc 2015-11-19 04:17:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:2199 https://rhn.redhat.com/errata/RHSA-2015-2199.html

Comment 9 errata-xmlrpc 2015-12-09 08:58:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.1 EUS - Server and Compute Node Only

Via RHSA-2015:2589 https://rhn.redhat.com/errata/RHSA-2015-2589.html
