CVE-2016-15024 : A vulnerability was found in doomsider shadow. It has been classified as problem

A vulnerability was found in doomsider shadow. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be difficult. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 3332c5ba9ec3014ddc74e2147190a050eee97bc0. It is recommended to apply a patch to fix this issue. VDB-221478 is the identifier assigned to this vulnerability.

Published 2023-02-19 18:15:10

Updated 2024-05-17 01:08:10

Source VulDB

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2016-15024

Doomsider Shadow Project » Doomsider Shadow
Versions before (<) 2016-06-09
cpe:2.3:a:doomsider_shadow_project:doomsider_shadow:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-15024

EPSS FAQ

0.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 3 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-15024

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
1.0	LOW	AV:L/AC:H/Au:S/C:N/I:N/A:P	1.5	2.9	VulDB
Access Vector: Local Access Complexity: High Authentication: Single Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
2.5	LOW	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L	1.0	1.4	VulDB
Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: Low
2.5	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L	1.0	1.4	VulDB	2024-02-29
Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: Low
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2016-15024

CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

Assigned by: cna@vuldb.com (Secondary)

References for CVE-2016-15024

https://vuldb.com/?id.221478

Login required
Third Party Advisory
https://github.com/doomsider/shadow/commit/3332c5ba9ec3014ddc74e2147190a050eee97bc0

Fixed possible exploit, improved existing code · doomsider/shadow@3332c5b · GitHub
Patch
https://vuldb.com/?ctiid.221478

Login required
Permissions Required;Third Party Advisory

Jump to

Vulnerability Details : CVE-2016-15024

Products affected by CVE-2016-15024

Exploit prediction scoring system (EPSS) score for CVE-2016-15024

CVSS scores for CVE-2016-15024

CWE ids for CVE-2016-15024

References for CVE-2016-15024