{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-02-26T00:00:00", "descriptions": [{"lang": "en", "value": "The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-03-20T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20170214 Re: Pending CVE requests for glibc", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2017/02/14/9"}, {"name": "72789", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/72789"}, {"name": "[oss-security] 20150226 CVE request: glibc: potential application crash due to overread in fnmatch", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/02/26/5"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=4a28f4d55a6cc33474c0792fe93b5942d81bf185"}, {"name": "[libc-alpha] 20150814 The GNU C Library version 2.22 is now available", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18032"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8984", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20170214 Re: Pending CVE requests for glibc", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/02/14/9"}, {"name": "72789", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72789"}, {"name": "[oss-security] 20150226 CVE request: glibc: potential application crash due to overread in fnmatch", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/02/26/5"}, {"name": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185", "refsource": "CONFIRM", "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185"}, {"name": "[libc-alpha] 20150814 The GNU C Library version 2.22 is now available", "refsource": "MLIST", "url": "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html"}, {"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=18032", "refsource": "CONFIRM", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18032"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:36:31.160Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20170214 Re: Pending CVE requests for glibc", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2017/02/14/9"}, {"name": "72789", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/72789"}, {"name": "[oss-security] 20150226 CVE request: glibc: potential application crash due to overread in fnmatch", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/02/26/5"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=4a28f4d55a6cc33474c0792fe93b5942d81bf185"}, {"name": "[libc-alpha] 20150814 The GNU C Library version 2.22 is now available", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18032"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8984", "datePublished": "2017-03-20T16:00:00", "dateReserved": "2017-02-14T00:00:00", "dateUpdated": "2024-08-06T08:36:31.160Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", "matchCriteriaId": "57CAD5CA-C7C1-4567-8E5B-FCA4DA4D516D", "versionEndIncluding": "2.21", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read."}, {"lang": "es", "value": "La funci\u00f3n fnmatch en GNU C Library (tambi\u00e9n conocida como glibc o libc6) en versiones anteriores a 2.22 podr\u00eda permitir a atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un patr\u00f3n malformado, que desencadena una lectura fuera de l\u00edmites."}], "id": "CVE-2015-8984", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-20T16:59:01.500", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/02/26/5"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/02/14/9"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/72789"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18032"}, {"source": "cve@mitre.org", "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=4a28f4d55a6cc33474c0792fe93b5942d81bf185"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/02/26/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/02/14/9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/72789"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18032"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=4a28f4d55a6cc33474c0792fe93b5942d81bf185"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "glibc: potential denial of service in internal_fnmatch()", "id": "1197730", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1197730"}, "csaw": false, "cvss": {"cvss_base_score": "1.2", "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", "status": "draft"}, "details": ["The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.", "A flaw was found in the way glibc's fnmatch() function processed certain malformed patterns. An attacker able to make an application call this function could use this flaw to crash that application."], "name": "CVE-2015-8984", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2015-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-8984\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8984"], "threat_severity": "Low"}