CVE-2015-8982

Publication date 31 December 2015

Last updated 25 August 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

8.1 · High

Score breakdown

Description

Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.

From the Ubuntu Security Team

It was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.

Status

Package Ubuntu Release Status
eglibc 16.10 yakkety Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty
Fixed 2.19-0ubuntu6.10
12.04 LTS precise
Fixed 2.15-0ubuntu10.16
glibc 16.10 yakkety
Not affected
16.04 LTS xenial
Not affected
14.04 LTS trusty Not in release
12.04 LTS precise Not in release

Severity score breakdown

CVSS version: CVSS v3.0

Base score 8.1 · High

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-3239-1
    • GNU C Library vulnerabilities
    • 21 March 2017

Other references

Access our resources on patching vulnerabilities