CVE-2015-8779

Published: 19 April 2016

Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.

From the Ubuntu security team

Maksymilian Arciemowicz discovered a stack-based buffer overflow in the catopen function in the GNU C Library when handling long catalog names. An attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code.

Priority

CVSS 3 base score: 9.8

Status

Package	Release	Status
eglibc Launchpad, Ubuntu, Debian	Upstream	Needed




	Ubuntu 16.04 ESM (Xenial Xerus)	Does not exist
	Ubuntu 14.04 ESM (Trusty Tahr)	Released (2.19-0ubuntu6.8)
glibc Launchpad, Ubuntu, Debian	Upstream	Needed




	Ubuntu 16.04 ESM (Xenial Xerus)	Not vulnerable (2.23-0ubuntu1)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
	Patches: Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f58539030e436449f79189b6edab17d7479796e

References

Bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=17905#c0

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›