The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call.
http://openwall.com/lists/oss-security/2015/02/04/1
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/72499
OR
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
OR
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* versions up to 2.20 (inclusive)
ID | Name | Product | Family | Severity |
---|---|---|---|---|
125004 | EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1551) | Nessus | Huawei Local Security Checks | critical |
88573 | RHEL 7 : glibc (RHSA-2015:2589) | Nessus | Red Hat Local Security Checks | high |
87556 | Scientific Linux Security Update : glibc on SL7.x x86_64 (20151119) | Nessus | Scientific Linux Local Security Checks | high |
87343 | Amazon Linux AMI : glibc (ALAS-2015-617) | Nessus | Amazon Linux Local Security Checks | high |
87142 | CentOS 7 : glibc (CESA-2015:2199) | Nessus | CentOS Local Security Checks | high |
87092 | Oracle Linux 7 : glibc (ELSA-2015-2199) | Nessus | Oracle Linux Local Security Checks | high |
86937 | RHEL 7 : glibc (RHSA-2015:2199) | Nessus | Red Hat Local Security Checks | high |
82421 | Mandriva Linux Security Advisory : glibc (MDVSA-2015:168) | Nessus | Mandriva Local Security Checks | high |
82149 | Debian DLA-165-1 : eglibc security update | Nessus | Debian Local Security Checks | high |
81572 | Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : eglibc, glibc vulnerabilities (USN-2519-1) | Nessus | Ubuntu Local Security Checks | high |
81448 | Debian DSA-3169-1 : eglibc - security update | Nessus | Debian Local Security Checks | high |