Public Date:
1300303: CVE-2015-8778 glibc: Integer overflow in hcreate and hcreate_r
An integer overflow vulnerability was found in hcreate() and hcreate_r() functions which could result in an out-of-bounds memory access. This could lead to application crash or, potentially, arbitrary code execution.

Find out more about CVE-2015-8778 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 5.1
Base Metrics AV:N/AC:H/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity High
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial

CVSS v3 metrics

CVSS3 Base Score 8.1
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity Impact High
Availability Impact High

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 7 (glibc) RHSA-2017:1916 2017-08-01
Red Hat Enterprise Linux 6 (glibc) RHSA-2017:0680 2017-03-21

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 7 compat-glibc Will not fix
Red Hat Enterprise Linux 6 compat-glibc Will not fix
Red Hat Enterprise Linux 5 compat-glibc Will not fix
Red Hat Enterprise Linux 5 glibc Will not fix


Do not use any applications which call hcreate or hcreate_r with a large size argument.

These functions are used only rarely, and most callers supply a constant argument. Other applications calculate the size argument in such a way that the error condition cannot be triggered.

Last Modified