CVE-2015-5229

moderate-risk

Published 2016-04-08

The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.

Do I need to act?

1.00% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (9)

Enterprise Linux Hpc Node Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Workstation

Enterprise Linux

Enterprise Linux Desktop

Enterprise Linux Hpc Node

Affected Vendors

Redhat

References (14)

Vendor Advisory http://rhn.redhat.com/errata/RHSA-2016-0176.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.h...

http://www.securityfocus.com/bid/84172

Vendor Advisory https://bugzilla.redhat.com/show_bug.cgi?id=1246713

Vendor Advisory https://bugzilla.redhat.com/show_bug.cgi?id=1256285

Vendor Advisory https://bugzilla.redhat.com/show_bug.cgi?id=1293976

https://kc.mcafee.com/corporate/index?page=content&id=SB10150

Vendor Advisory http://rhn.redhat.com/errata/RHSA-2016-0176.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.h...

http://www.securityfocus.com/bid/84172

Vendor Advisory https://bugzilla.redhat.com/show_bug.cgi?id=1246713

Vendor Advisory https://bugzilla.redhat.com/show_bug.cgi?id=1256285

Vendor Advisory https://bugzilla.redhat.com/show_bug.cgi?id=1293976

https://kc.mcafee.com/corporate/index?page=content&id=SB10150

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 3/34 · Minimal

Exposure 15/34 · Moderate