CVE-2011-5320 Information

Description

scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

http://www.openwall.com/lists/oss-security/2015/03/12/14 https://bugzilla.redhat.com/show_bug.cgi?id=1196745 https://marc.info/?l=gimp-developer&m=129567990905823&w=2 https://sourceware.org/bugzilla/show_bug.cgi?id=13138c4 https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=20b38e0 https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

6.2