CVE-2015-5957

Name: CVE-2015-5957
Description: Buffer overflow in the DumpSysVar function in var.c in Remind before 3.1.15 allows attackers to have unspecified impact via a long name.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DLA-289-1
NVD severity: high (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| remind (PTS) | wheezy | 03.01.12-1 | vulnerable |
| | jessie | 03.01.13-1 | vulnerable |
| | buster, sid, stretch | 03.01.15-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| remind | source | (unstable) | 03.01.15-1 | unimportant | | |
| remind | source | squeeze | 03.01.05-2+deb6u1 | high | DLA-289-1 | |

Notes

Non-exploitable starting with Wheezy due to D_FORTIFY_SOURCE
