FKIE_CVE-2017-7523
Vulnerability from fkie_nvd - Published: 2017-07-21 22:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
Cygwin versions 1.7.2 up to and including 1.8.0 are vulnerable to buffer overflow vulnerability in wcsxfrm/wcsxfrm_l functions resulting into denial-of-service by crashing the process or potential hijack of the process running with administrative privileges triggered by specially crafted input string.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | https://cygwin.com/ml/cygwin/2017-05/msg00149.html | Exploit, Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cygwin.com/ml/cygwin/2017-05/msg00149.html | Exploit, Mailing List, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cygwin | cygwin | 1.7.2 | |
| cygwin | cygwin | 1.7.3 | |
| cygwin | cygwin | 1.7.5 | |
| cygwin | cygwin | 1.7.6 | |
| cygwin | cygwin | 1.7.7 | |
| cygwin | cygwin | 1.7.8 | |
| cygwin | cygwin | 1.7.9 | |
| cygwin | cygwin | 1.7.10 | |
| cygwin | cygwin | 1.7.11 | |
| cygwin | cygwin | 1.7.12 | |
| cygwin | cygwin | 1.7.13 | |
| cygwin | cygwin | 1.7.14 | |
| cygwin | cygwin | 1.7.15 | |
| cygwin | cygwin | 1.7.16 | |
| cygwin | cygwin | 1.7.17 | |
| cygwin | cygwin | 1.7.18 | |
| cygwin | cygwin | 1.7.19 | |
| cygwin | cygwin | 1.7.21 | |
| cygwin | cygwin | 1.7.22 | |
| cygwin | cygwin | 1.7.23 | |
| cygwin | cygwin | 1.7.24 | |
| cygwin | cygwin | 1.7.25 | |
| cygwin | cygwin | 1.7.26 | |
| cygwin | cygwin | 1.7.27 | |
| cygwin | cygwin | 1.7.28 | |
| cygwin | cygwin | 1.7.29 | |
| cygwin | cygwin | 1.7.31 | |
| cygwin | cygwin | 1.7.32 | |
| cygwin | cygwin | 1.7.33 | |
| cygwin | cygwin | 1.7.34 | |
| cygwin | cygwin | 1.7.35 | |
| cygwin | cygwin | 1.8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "28230858-0B1C-4336-8C5C-86C96DFA098F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "581471BF-47F8-4742-986D-ADCD70179D5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E1D9333B-AB0D-4ACF-9747-5ED10CE5C073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BB48C8F3-1BAE-4159-95C7-ECF847ED8E59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A0165998-89F7-4891-8CC7-905380858261",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "49200723-56CD-44E7-9E8F-5213F1006ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "83811F47-2B4B-4659-86A1-AE36375DFB72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A57C27C7-2DC7-40C4-BCA6-997409AEE479",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D6BF3225-5B2C-4CD9-80D4-ABC64745FB2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A964D38B-3B81-4891-B01B-527A2EE7ACC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "B96CD403-2DF6-44CB-AB89-83B392061CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "A1266B5C-D791-430A-ADC7-DB279624AB03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6D58DCAD-1D5E-4891-B627-98FAA8E11D15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B653FC24-6783-4A25-84A3-AF08F6590B06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.7.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E839FA-A8B6-490B-B5AB-39EB9625D05F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.7.18:*:*:*:*:*:*:*",
"matchCriteriaId": "AF2DA96F-099E-4F6C-A836-1C0EFD32CE46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.7.19:*:*:*:*:*:*:*",
"matchCriteriaId": "3A49C1A8-8A3F-4C05-86ED-42B7DED2A719",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6CC0DABE-12A0-4832-B177-7146F086ECE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F127A321-5212-471A-A132-4526260E6C1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.7.23:*:*:*:*:*:*:*",
"matchCriteriaId": "044A1B33-23A1-40C0-99A2-819702B177DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.7.24:*:*:*:*:*:*:*",
"matchCriteriaId": "E19116C2-EB1C-403A-9965-3113935317CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.7.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2E279B8F-9545-4B17-94CE-74C8D79AAEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.7.26:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C7B4E2-CC33-4D47-AF3C-74022E784D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.7.27:*:*:*:*:*:*:*",
"matchCriteriaId": "A346A2F6-B834-4DB3-839F-1F5A9A11E1B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.7.28:*:*:*:*:*:*:*",
"matchCriteriaId": "EB231BE4-64CB-44BE-81EF-7697AB63DAA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.7.29:*:*:*:*:*:*:*",
"matchCriteriaId": "A4ECD96C-EFE2-449D-AD26-F754CC622978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.7.31:*:*:*:*:*:*:*",
"matchCriteriaId": "8BE94167-C3B7-4A16-9886-6ADDFB2135FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.7.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E8CD0846-39D0-4736-9D78-C01FA5ED42B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.7.33:*:*:*:*:*:*:*",
"matchCriteriaId": "8567DA10-2EF4-468D-A03E-DF84BEDDA4CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.7.34:*:*:*:*:*:*:*",
"matchCriteriaId": "169F927F-EB92-41A9-8781-BD04C0538793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.7.35:*:*:*:*:*:*:*",
"matchCriteriaId": "F8AA4897-2A28-4198-B86F-283D21607859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cygwin:cygwin:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1741D63-6937-4C12-BAA4-06679806E4BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cygwin versions 1.7.2 up to and including 1.8.0 are vulnerable to buffer overflow vulnerability in wcsxfrm/wcsxfrm_l functions resulting into denial-of-service by crashing the process or potential hijack of the process running with administrative privileges triggered by specially crafted input string."
},
{
"lang": "es",
"value": "Cygwin versiones 1.7.2 hasta e incluyendo a 1.8.0, son susceptibles a una vulnerabilidad de desbordamiento de b\u00fafer en las funciones wcsxfrm y wcsxfrm_l resultando en una denegaci\u00f3n de servicio por el bloqueo o el posible secuestro del proceso que se ejecuta con privilegios administrativos activado por una cadena de entrada especialmente creada."
}
],
"id": "CVE-2017-7523",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-21T22:29:00.283",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "https://cygwin.com/ml/cygwin/2017-05/msg00149.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "https://cygwin.com/ml/cygwin/2017-05/msg00149.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…