CVE-2015-8983

Priority
Medium
Description
Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in
the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via vectors related to computing a size in bytes,
which triggers a heap-based buffer overflow.
Ubuntu-Description
It was discovered that an integer overflow existed in the
_IO_wstr_overflow() function of the GNU C Library. An attacker
could use this to cause a denial of service or possibly execute
arbitrary code.
Package
Upstream: needs-triage
Ubuntu 17.10 (Artful Aardvark): DNE
Ubuntu 12.04 ESM (Precise Pangolin): released (2.15-0ubuntu10.16)
Ubuntu 14.04 LTS (Trusty Tahr): released (2.19-0ubuntu6.10)
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 17.04 (Zesty Zapus): DNE
Package
Source: glibc
Upstream: released (2.22)
Ubuntu 17.10 (Artful Aardvark): not-affected (2.23-0ubuntu3)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): DNE
Ubuntu Core 15.04: released (2.21-0ubuntu4.0.7)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (2.23-0ubuntu3)
Ubuntu 17.04 (Zesty Zapus): not-affected (2.23-0ubuntu3)
Patches:
Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33
Updated: 2017-09-28 22:14:36 UTC (commit 13419)