CVE-2015-5277 (retired)

Priority
Description
The get_contents function in nss_files/files-XXX.c in the Name Service
Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow
local users to cause a denial of service (heap corruption) or gain
privileges via a long line in the NSS files database.
Ubuntu-Description
Sumit Bose and Lukáš Slebodník discovered that the Name Service
Switch (NSS) implementation in the GNU C Library did not handle long
lines in the files databases correctly. A local attacker could use
this to cause a denial of service (application crash) or possibly
execute arbitrary code.
Package
Upstream:needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):DNE
More Information

Updated: 2019-08-23 09:07:09 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)