Vulnerability Details : CVE-2015-8872
The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error."
Vulnerability category: Denial of service
Products affected by CVE-2015-8872
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
- cpe:2.3:a:dosfstools_project:dosfstools:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-8872
- 0.22%: Probability of exploitation activity in the next 30 days
- ~61%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-8872
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P | 3.9 | 2.9 | NIST | |
6.2 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.5 | 3.6 | NIST | |
CWE ids for CVE-2015-8872
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-8872
- https://github.com/dosfstools/dosfstools/commit/07908124838afcc99c577d1d3e84cef2dbd39cb7
  set_fat(): Fix off-by-2 error leading to corruption in FAT12 · dosfstools/dosfstools@0790812 · GitHub
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00014.html
  openSUSE-SU-2016:2233-1: moderate: Security update for dosfstools
- https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html
  dosfstools / fsck.vfat: Several invalid memory accesses | The Fuzzing Project (Vendor Advisory)
- http://lists.opensuse.org/opensuse-updates/2016-06/msg00001.html
  openSUSE-SU-2016:1461-1: moderate: Security update for dosfstools
- http://www.securityfocus.com/bid/90311
  dosfstools Multiple Security Vulnerabilities
- https://github.com/dosfstools/dosfstools/issues/12
  fsck.vfat invalid memory access in get_fat · Issue #12 · dosfstools/dosfstools · GitHub (Vendor Advisory)
- https://lists.debian.org/debian-lts-announce/2020/05/msg00028.html
- https://github.com/dosfstools/dosfstools/releases/tag/v4.0
  Release dosfstools 4.0 · dosfstools/dosfstools · GitHub (Patch)
- http://www.ubuntu.com/usn/USN-2986-1
  USN-2986-1: dosfstools vulnerabilities | Ubuntu security notices