Vulnerability CVE-2015-4645
Published: 2017-03-17

Description:
Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow.

Type:

CWE-190

 (Integer Overflow or Wraparound)

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Squashfs project -> Squashfs 
Phillip lougher -> Squashfs 
Fedoraproject -> Fedora 

 References:
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162171.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162226.html
http://www.securityfocus.com/bid/75272
https://bugzilla.redhat.com/show_bug.cgi?id=1234886
https://github.com/devttys0/sasquatch/pull/5
https://github.com/plougher/squashfs-tools/commit/f95864afe8833fe3ad782d714b41378e860977b1
https://security.gentoo.org/glsa/201701-73
Copyright 2024, cxsecurity.com

 

Back to Top