CVE-2017-15364

low-risk
Published 2017-10-15

The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file. NOTE: This has been disputed and it is argued that this is not present in version 1.1.0.

Do I need to act?

-
0.27% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Ccsv

Affected Vendors

Ccsv Project

References (4)

https://github.com/evan/ccsv/commit/24e0b9b94c44a15b23475e821366239d53764dbd
https://github.com/evan/ccsv/commit/c59d960ffa6b742a0616a209442618462142e6c1#dif...
Third Party Advisory https://github.com/evan/ccsv/issues/15
Third Party Advisory https://github.com/evan/ccsv/issues/15
24
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal