Vulnerability Details : CVE-2015-5229
The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2015-5229
Probability of exploitation activity in the next 30 days: 1.03%
Percentile (the proportion of vulnerabilities with an EPSS score at or below this one): ~82%
CVSS scores for CVE-2015-5229
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST |
CWE ids for CVE-2015-5229
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-5229
- https://kc.mcafee.com/corporate/index?page=content&id=SB10150
  McAfee Security Bulletin: glibc vulnerabilities CVE-2015-5229 and CVE-2015-7547
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
  Oracle Linux Bulletin - January 2016
- https://bugzilla.redhat.com/show_bug.cgi?id=1246713
  1246713 – CVE-2015-5229 glibc: calloc() returns non-zero'ed memory (Vendor Advisory)
- http://www.securityfocus.com/bid/84172
  GNU glibc CVE-2015-5229 Remote Denial of Service Vulnerability
- https://bugzilla.redhat.com/show_bug.cgi?id=1256285
  1256285 – (CVE-2015-5229) CVE-2015-5229 glibc: calloc may return non-zero memory (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1293976
  1293976 – CVE-2015-5229 glibc: calloc() returns non-zero'ed memory [rhel-7.3.0] (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2016-0176.html
  RHSA-2016:0176 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
Products affected by CVE-2015-5229
- cpe:2.3:o:redhat:enterprise_linux:6.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*