First published: Wed Apr 08 2015(Updated: )
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Ubuntu Linux | =10.04 | |
Ubuntu Linux | =12.04 | |
Ubuntu Linux | =14.04 | |
Ubuntu Linux | =14.10 | |
GNU C Library | <=2.20 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2015-1473 has a medium severity rating, primarily affecting systems built on vulnerable versions of glibc.
To address CVE-2015-1473, upgrade the GNU C Library to version 2.21 or later.
CVE-2015-1473 affects Ubuntu versions 10.04, 12.04, 14.04, and 14.10.
CVE-2015-1473 could allow attackers to exploit a denial of service condition, such as segmentation violations.
CVE-2015-1473 is not limited to specific applications but affects any application relying on vulnerable versions of glibc.