CVE-2015-1783

Published: Aug 11, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause a denial of service (uninitialized memory access and application crash) via unspecified vectors.

Affected (4)

Products: Fedoraproject: Fedora · Entrouvert: Lasso

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 20
Fedoraproject Fedora	Version 21
Fedoraproject Fedora	Version 22

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Entrouvert Lasso	Up to 2.4.0

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (10)

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154321.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154355.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155382.html

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1199925

Source: secalert@redhat.com

Issue TrackingPatchThird Party AdvisoryVDB Entry

https://repos.entrouvert.org/lasso.git/commit/lasso/xml?id=6d854cef4211cdcdbc7446c978f23ab859847cdd

Source: secalert@redhat.com

PatchThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154321.html