CVE-2015-2675

Impact:
Low
Public Date:
2014-09-03
CWE:
CWE-704
Bugzilla:
1199049: CVE-2015-2675 rest: memory corruption when using oauth because of implicit declaration of rest_proxy_call_get_url
It was found that the OAuth implementation in librest, a helper library for RESTful services, incorrectly truncated the pointer returned by the rest_proxy_call_get_url call. An attacker could use this flaw to crash an application using the librest library.

Find out more about CVE-2015-2675 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 2.1
Base Metrics AV:L/AC:L/Au:N/C:N/I:N/A:P
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 7 (rest) RHSA-2015:2237 2015-11-19

Last Modified
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.