CVE-2015-2063 - Integer overflow in unace 1.2b allows remote attackers to cause a denial of service (crash) via a sm

CVE-2015-2063

Summary

Integer overflow in unace 1.2b allows remote attackers to cause a denial of service (crash) via a small file header in an ace archive, which triggers a buffer overflow.

References

http://www.debian.org/security/2015/dsa-3178
http://www.openwall.com/lists/oss-security/2015/02/24/1
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775003

Vulnerable Configurations

cpe:2.3:a:winace:unace:1.2b:*:*:*:*:*:*:*
cpe:2.3:a:winace:unace:1.2b:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 09-04-2015 - 18:23)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

confirm	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775003
debian	DSA-3178
mlist	[oss-security] 20150223 Re: CVE request: unace

Last major update

09-04-2015 - 18:23

Published

09-03-2015 - 14:59

Last modified

09-04-2015 - 18:23