Vulnerability Details : CVE-2015-4646
(1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2015-4646
- cpe:2.3:a:squashfs_project:squashfs:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-4646
0.93%
Probability of exploitation activity in the next 30 days
~74%
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-4646
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2015-4646
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-4646
- https://security.gentoo.org/glsa/201701-73
  SQUASHFS: Multiple vulnerabilities (GLSA 201701-73) — Gentoo security (Third Party Advisory)
- https://github.com/plougher/squashfs-tools/commit/f95864afe8833fe3ad782d714b41378e860977b1
  unsquashfs-4: Add more sanity checks + fix CVE-2015-4645/6 · plougher/squashfs-tools@f95864a · GitHub (Third Party Advisory)
- http://www.securityfocus.com/bid/75272
  Squashfs and sasquatch 'read_fragment_table_4' Multiple Stack Buffer Overflow Vulnerabilities (Third Party Advisory; VDB Entry)
- http://seclists.org/oss-sec/2015/q2/756
  oss-sec: Re: Possible CVE Request: Multiple stack overflows in squashfs-tools and sasquatch (Mailing List; Third Party Advisory; VDB Entry)