CVE-2015-5957

NameCVE-2015-5957
DescriptionBuffer overflow in the DumpSysVar function in var.c in Remind before 3.1.15 allows attackers to have unspecified impact via a long name.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-289-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
remind (PTS)bullseye03.03.01-1fixed
bookworm04.02.03-4fixed
sid, trixie05.00.07-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
remindsourcesqueeze03.01.05-2+deb6u1DLA-289-1
remindsource(unstable)03.01.15-1unimportant

Notes

Non-exploitable starting with Wheezy due to D_FORTIFY_SOURCE

Search for package or bug name: Reporting problems