CVE-2015-5229 : The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize mem

The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.

Published 2016-04-08 15:59:00

Updated 2016-11-28 19:32:40

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Exploit prediction scoring system (EPSS) score for CVE-2015-5229

Probability of exploitation activity in the next 30 days: 1.03%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 82 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2015-5229

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2015-5229

CWE-17

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-5229

https://kc.mcafee.com/corporate/index?page=content&id=SB10150

McAfee Security Bulletin: glibc vulnerabilities CVE-2015-5229 and CVE-2015-7547

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Oracle Linux Bulletin - January 2016

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1246713

1246713 – CVE-2015-5229 glibc: calloc() returns non-zero'ed memory
Vendor Advisory
http://www.securityfocus.com/bid/84172

GNU glibc CVE-2015-5229 Remote Denial of Service Vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1256285

1256285 – (CVE-2015-5229) CVE-2015-5229 glibc: calloc may return non-zero memory
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1293976

1293976 – CVE-2015-5229 glibc: calloc() returns non-zero'ed memory [rhel-7.3.0]
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2016-0176.html

RHSA-2016:0176 - Security Advisory - Red Hat Customer Portal
Vendor Advisory

CVEs referencing this url

Products affected by CVE-2015-5229

Redhat » Enterprise Linux » Version: 6.7
cpe:2.3:o:redhat:enterprise_linux:6.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 7.2
cpe:2.3:o:redhat:enterprise_linux:7.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Hpc Node » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.2
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.2
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Hpc Node Eus » Version: 7.2
cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2015-5229

Exploit prediction scoring system (EPSS) score for CVE-2015-5229

CVSS scores for CVE-2015-5229

CWE ids for CVE-2015-5229

References for CVE-2015-5229

Products affected by CVE-2015-5229