CVE-2015-4041

The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.

CVSS v3 7.8 HIGH
CVSS v2.0 4.6 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://openwall.com/lists/oss-security/2015/05/15/1	Exploit Mailing List Patch Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=928749	Issue Tracking Third Party Advisory
https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:coreutils:*:*:*:*:*:*:x64:*

History

No history.

Information

Published : 2020-01-24 17:15

Updated : 2024-02-28 17:28

NVD link : CVE-2015-4041

Mitre link : CVE-2015-4041

CVE.ORG link : CVE-2015-4041

JSON object : View

Products Affected

gnu

coreutils

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2015-4041", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-01-24T17:15:12.500", "references": [{"url": "http://openwall.com/lists/oss-security/2015/05/15/1", "tags": ["Exploit", "Mailing List", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=928749", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940", "tags": ["Patch"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings."}, {"lang": "es", "value": "La funci\u00f3n keycompare_mb en el archivo sort.c en sort en GNU Coreutils versiones hasta 8.23 ??en plataformas de 64 bits, realiza un c\u00e1lculo de tama\u00f1o sin considerar el n\u00famero de bytes ocupados por caracteres multibyte, lo que permite a atacantes causar una denegaci\u00f3n de servicio (desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria y bloqueo de aplicaci\u00f3n) o posiblemente tener otro impacto no especificado por medio de cadenas UTF-8 largas."}], "lastModified": "2020-02-01T17:33:45.420", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:coreutils:*:*:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "81D13BE3-10D6-43B1-A3DE-24EF4741D242", "versionEndIncluding": "8.23"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}