CVE-2015-8948
moderate-risk
Published 2016-09-07
idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.
Do I need to act?
~
4.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Products (6)
References (22)
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html
Third Party Advisory
http://www.securityfocus.com/bid/92070
Third Party Advisory
http://www.ubuntu.com/usn/USN-3068-1
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html
Third Party Advisory
http://www.securityfocus.com/bid/92070
Third Party Advisory
http://www.ubuntu.com/usn/USN-3068-1
and 2 more references
46
/ 100
moderate-risk
Severity
26/34 · High
Exploitability
7/34 · Low
Exposure
13/34 · Low