CVE-2015-4041

{"id": "CVE-2015-4041", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-01-24T17:15:12.500", "references": [{"url": "http://openwall.com/lists/oss-security/2015/05/15/1", "tags": ["Exploit", "Mailing List", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=928749", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://openwall.com/lists/oss-security/2015/05/15/1", "tags": ["Exploit", "Mailing List", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=928749", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings."}, {"lang": "es", "value": "La funci\u00f3n keycompare_mb en el archivo sort.c en sort en GNU Coreutils versiones hasta 8.23 ??en plataformas de 64 bits, realiza un c\u00e1lculo de tama\u00f1o sin considerar el n\u00famero de bytes ocupados por caracteres multibyte, lo que permite a atacantes causar una denegaci\u00f3n de servicio (desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria y bloqueo de aplicaci\u00f3n) o posiblemente tener otro impacto no especificado por medio de cadenas UTF-8 largas."}], "lastModified": "2024-11-21T02:30:20.313", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:coreutils:*:*:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "81D13BE3-10D6-43B1-A3DE-24EF4741D242", "versionEndIncluding": "8.23"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}