{
  "threat_severity" : "Moderate",
  "public_date" : "2015-01-29T00:00:00Z",
  "bugzilla" : {
    "description" : "glibc: Unbounded stack allocation in catopen function",
    "id" : "1300312",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1300312"
  },
  "cvss" : {
    "cvss_base_score" : "5.1",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:P/I:P/A:P",
    "status" : "verified"
  },
  "details" : [ "Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.", "A stack based buffer overflow vulnerability was found in the catopen() function. An excessively long string passed to the function could cause it to crash or, potentially, execute arbitrary code." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2017-03-21T00:00:00Z",
    "advisory" : "RHSA-2017:0680",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "glibc-0:2.12-1.209.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2017-08-01T00:00:00Z",
    "advisory" : "RHSA-2017:1916",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "glibc-0:2.17-196.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "compat-glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "compat-glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Will not fix",
    "package_name" : "compat-glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-8779\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8779" ],
  "name" : "CVE-2015-8779",
  "mitigation" : {
    "value" : "Do not use applications which call catopen with unbounded strings.  The catopen function is rarely used.  Typical application usage involves passing a short, constant string to catopen, so most applications are not affect even if they call catopen.",
    "lang" : "en:us"
  },
  "csaw" : false
}