CVE-2015-4041: Denial of service (heap-based buffer overflow and application crash) in GNU Coreutils
21240
13 September 2022
13 September 2022
Closed
Low
Base Score: 7.8-HIGH-CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
N/A
CVE-2015-4041
Summary
Security Advisory ID : BSA-2022-1407
Component : GNU Coreutils
Revision : 1.0
The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.
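The class of size-calculation mistake described above, as an added illustration that is not code from GNU Coreutils or from this advisory: it contrasts sizing a buffer by character count with sizing it by encoded byte count, and shows a copy that checks the byte length first. All function names and the sample key are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Count UTF-8 characters by skipping continuation bytes (10xxxxxx). */
static size_t utf8_chars(const char *s)
{
    size_t n = 0;
    for (; *s; s++)
        if (((unsigned char)*s & 0xC0) != 0x80)
            n++;
    return n;
}

/* Under-sized: assumes one byte per character, plus the NUL. */
size_t size_by_chars(const char *key) { return utf8_chars(key) + 1; }

/* Correct: bytes occupied by the encoded string, plus the NUL. */
size_t size_by_bytes(const char *key) { return strlen(key) + 1; }

/* Bytes that would fall outside a buffer sized by character count. */
size_t shortfall(const char *key)
{
    return size_by_bytes(key) - size_by_chars(key);
}

/* Bounded copy: returns 0 on success, -1 if dst cannot hold the key. */
int copy_key(char *dst, size_t dst_size, const char *key)
{
    size_t need = size_by_bytes(key);
    if (need > dst_size)
        return -1;
    memcpy(dst, key, need);
    return 0;
}

/* Constructed sample: 4 characters, each 3 bytes in UTF-8. */
static const char SAMPLE_KEY[] =
    "\xe6\x97\xa5\xe6\x9c\xac\xe8\xaa\x9e\xe9\x8d\xb5";

int main(void)
{
    char small[5]; /* sized by character count: too small for 13 bytes */
    printf("chars+1=%zu bytes+1=%zu shortfall=%zu copy=%d\n",
           size_by_chars(SAMPLE_KEY), size_by_bytes(SAMPLE_KEY),
           shortfall(SAMPLE_KEY), copy_key(small, sizeof small, SAMPLE_KEY));
    return 0;
}
```

For ASCII-only input the two sizes agree, which is why this kind of error tends to surface only with long multibyte strings.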
Notes: Brocade Fabric OS does not utilize the keycompare_mb() function. Brocade Fabric OS is Not Affected by this vulnerability. Security updates are provided in Brocade Fabric OS version v9.1.0 to remove the vulnerable component.
Products Confirmed Not Vulnerable
No other Brocade Fibre Channel products from Broadcom are known to be affected by this vulnerability.
Solution
A security update was provided in Brocade Fabric OS v9.1.0 to remove the vulnerable components.
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | Sept 13, 2022 |