Executive Summary

Informations
NameCVE-2017-15037First vendor Publication2017-10-05
VendorCveLast vendor Modification2017-10-13

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score6.8Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p->t_name strings to lack a final '\0' character.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15037

CWE : Common Weakness Enumeration

%idName
50 %CWE-362Race Condition
50 %CWE-125Out-of-bounds Read

CPE : Common Platform Enumeration

TypeDescriptionCount
Os903

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/101191
CONFIRM https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222687
https://svnweb.freebsd.org/base?view=revision&revision=324102

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
DateInformations
2019-03-20 12:08:13
  • Multiple Updates
2019-03-19 12:08:42
  • Multiple Updates
2018-11-24 12:05:26
  • Multiple Updates
2018-10-12 12:05:16
  • Multiple Updates
2018-05-19 12:04:38
  • Multiple Updates
2018-04-06 01:05:34
  • Multiple Updates
2017-11-02 12:05:11
  • Multiple Updates
2017-10-14 00:22:57
  • Multiple Updates
2017-10-08 09:23:17
  • Multiple Updates
2017-10-06 09:23:07
  • Multiple Updates
2017-10-05 13:25:06
  • First insertion