Vulnerability Name: CVE-2017-15101 (CCN-136407)

Assigned: 2017-11-02
Published: 2017-11-02
Updated: 2019-10-09
Summary: A missing patch for a stack-based buffer overflow in findTable() was found in the Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution.
CVSS v3 Severity: 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
7.8 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.8 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-119
CWE-121
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2017-15101

Source: CCN
Type: Liblouis Web site
Liblouis - An open-source braille translator and back-translator.

Source: REDHAT
Type: Third Party Advisory
RHSA-2017:3384

Source: CCN
Type: Red Hat Bugzilla – Bug 1511023
(CVE-2017-15101) CVE-2017-15101 liblouis: incomplete fix for CVE-2014-8184

Source: CONFIRM
Type: Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15101

Source: XF
Type: UNKNOWN
liblouis-cve201715101-bo(136407)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2017-15101

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:liblouis:liblouis:*:*:*:*:*:*:*:* (Version < 2.5.4)

Configuration 2:
  • cpe:/o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:liblouis:liblouis:3.2.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:201715101
    V
    CVE-2017-15101
    2022-05-22
    oval:org.opensuse.security:def:30289
    P
    Security update for MozillaFirefox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:33794
    P
    Security update for libvirt (Important)
    2022-01-10
    oval:org.opensuse.security:def:34612
    P
    Security update for glib-networking (Important)
    2021-12-13
    oval:org.opensuse.security:def:34600
    P
    Security update for openexr (Moderate)
    2021-12-01
    oval:org.opensuse.security:def:34601
    P
    Security update for the Linux Kernel (Important)
    2021-12-01
    oval:org.opensuse.security:def:31302
    P
    Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)
    2021-11-19
    oval:org.opensuse.security:def:33995
    P
    Security update for binutils (Moderate)
    2021-11-09
    oval:org.opensuse.security:def:30136
    P
    Security update for xen (Moderate)
    2021-10-07
    oval:org.opensuse.security:def:34544
    P
    Security update for MozillaFirefox (Important)
    2021-09-22
    oval:org.opensuse.security:def:33711
    P
    Security update for xen (Important)
    2021-09-03
    oval:org.opensuse.security:def:31253
    P
    Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)
    2021-08-25
    oval:org.opensuse.security:def:33700
    P
    Security update for fetchmail (Moderate)
    2021-08-18
    oval:org.opensuse.security:def:33699
    P
    Security update for MozillaFirefox (Important)
    2021-08-17
    oval:org.opensuse.security:def:33956
    P
    Security update for libcares2 (Important)
    2021-08-16
    oval:org.opensuse.security:def:34500
    P
    Security update for mariadb (Important)
    2021-08-06
    oval:org.opensuse.security:def:34475
    P
    Security update for libgcrypt (Important)
    2021-06-24
    oval:org.opensuse.security:def:32950
    P
    Security update for apache2 (Important)
    2021-06-17
    oval:org.opensuse.security:def:33930
    P
    Security update for java-1_8_0-openjdk (Moderate)
    2021-06-15
    oval:org.opensuse.security:def:31197
    P
    Security update for ucode-intel (Important)
    2021-06-10
    oval:org.opensuse.security:def:36134
    P
    ghostscript-fonts-other-8.62-32.34.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:36093
    P
    bind-9.9.6P1-0.5.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:31170
    P
    Security update for samba (Important)
    2021-05-04
    oval:org.opensuse.security:def:32082
    P
    Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)
    2021-04-28
    oval:org.opensuse.security:def:28914
    P
    Security update for xen (Important)
    2021-04-20
    oval:org.opensuse.security:def:33106
    P
    Security update for opensc (Moderate)
    2021-03-31
    oval:org.opensuse.security:def:30050
    P
    Security update for nghttp2 (Important)
    2021-03-24
    oval:org.opensuse.security:def:31362
    P
    Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)
    2021-03-17
    oval:org.opensuse.security:def:34026
    P
    Security update for java-1_7_1-ibm (Important)
    2021-02-18
    oval:org.opensuse.security:def:31341
    P
    Security update for jasper (Important)
    2021-02-16
    oval:org.opensuse.security:def:34436
    P
    Security update for dnsmasq (Important)
    2021-01-19
    oval:org.opensuse.security:def:35237
    P
    Security update for gimp (Moderate)
    2020-12-29
    oval:org.opensuse.security:def:32499
    P
    curl on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:35078
    P
    Security update for java-1_7_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:30495
    P
    Security update for Mozilla Firefox
    2020-12-01
    oval:org.opensuse.security:def:30591
    P
    Security update for openssl-certs
    2020-12-01
    oval:org.opensuse.security:def:34083
    P
    Security update for mailman (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29225
    P
    Security update for php53 (Important)
    2020-12-01
    oval:org.opensuse.security:def:29689
    P
    Security update for evince (Important)
    2020-12-01
    oval:org.opensuse.security:def:32806
    P
    xdg-utils on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:35345
    P
    Security update for mysql (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:30808
    P
    Security update for clamav (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:34387
    P
    Security update for tomcat6 (Important)
    2020-12-01
    oval:org.opensuse.security:def:29943
    P
    Security update for liblouis (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29774
    P
    Security update for glibc
    2020-12-01
    oval:org.opensuse.security:def:35455
    P
    Security update for perl-DBD-mysql (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28489
    P
    Security update for curl (Important)
    2020-12-01
    oval:org.opensuse.security:def:31042
    P
    Security update for Linux kernel
    2020-12-01
    oval:org.opensuse.security:def:33251
    P
    rsyslog on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28773
    P
    Security update for libvdpau (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:35222
    P
    Security update for liblouis (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:34696
    P
    Security update for xorg-x11-libXrender
    2020-12-01
    oval:org.opensuse.security:def:30344
    P
    Security update for unzip (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29066
    P
    Security update for clamav (Important)
    2020-12-01
    oval:org.opensuse.security:def:31406
    P
    Security update for perl-PlRPC (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32488
    P
    apache2-mod_perl on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:34988
    P
    Security update for glib2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:30451
    P
    Security update for Mozilla XULrunner
    2020-12-01
    oval:org.opensuse.security:def:30590
    P
    Security update for openssl (Important)
    2020-12-01
    oval:org.opensuse.security:def:29208
    P
    Security update for openssl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32712
    P
    libgdiplus0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:35296
    P
    Security update for libxml2 (Low)
    2020-12-01
    oval:org.opensuse.security:def:30676
    P
    Security update for ImageMagick (Low)
    2020-12-01
    oval:org.opensuse.security:def:34329
    P
    Security update for sane-backends (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29907
    P
    Security update for less (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29701
    P
    Security update for MozillaFirefox
    2020-12-01
    oval:org.opensuse.security:def:35411
    P
    Security update for openssl (Important)
    2020-12-01
    oval:org.opensuse.security:def:28478
    P
    Security update for zlib (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:30955
    P
    Security update for gnutls (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29993
    P
    Security update for libtcnative-1-0 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33212
    P
    nagios-plugins on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28688
    P
    Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:35182
    P
    Security update for kvm (Important)
    2020-12-01
    oval:org.opensuse.security:def:33318
    P
    stunnel-openssl1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32487
    P
    apache2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:34931
    P
    Security update for fetchmail (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:30432
    P
    Security update for xorg-x11-server (Important)
    2020-12-01
    oval:org.opensuse.security:def:29169
    P
    Security update for mailman (Important)
    2020-12-01
    oval:org.opensuse.security:def:32577
    P
    man on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31133
    P
    Security update for kvm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:30602
    P
    Security update for Python
    2020-12-01
    oval:org.opensuse.security:def:34172
    P
    Security update for openssl1 (Important)
    2020-12-01
    oval:org.opensuse.security:def:29269
    P
    Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:29690
    P
    Security update for exempi (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32863
    P
    freetype2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:35384
    P
    Security update for ntp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28477
    P
    Security update for yast2-storage (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:30898
    P
    Security update for MozillaFirefox, mozilla-nss, mozilla-nspr (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29906
    P
    Security update for lcms
    2020-12-01
    oval:org.opensuse.security:def:33163
    P
    libmysql55client18-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28557
    P
    Security update for GnuTLS
    2020-12-01
    oval:org.opensuse.security:def:33274
    P
    tgt on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28830
    P
    Security update for samba (Important)
    2020-12-01
    oval:org.opensuse.security:def:34832
    P
    Security update for bash (Low)
    2020-12-01
    oval:org.opensuse.security:def:30393
    P
    Security update for Xen
    2020-12-01
    oval:org.opensuse.security:def:29120
    P
    Security update for java-1_7_0-ibm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32044
    P
    Security update for krb5 (Moderate)
    2020-12-01
    oval:com.ubuntu.xenial:def:2017151010000000
    V
    CVE-2017-15101 on Ubuntu 16.04 LTS (xenial) - medium.
    2018-07-27
    oval:com.ubuntu.trusty:def:201715101000
    V
    CVE-2017-15101 on Ubuntu 14.04 LTS (trusty) - medium.
    2018-07-27
    oval:com.ubuntu.xenial:def:201715101000
    V
    CVE-2017-15101 on Ubuntu 16.04 LTS (xenial) - medium.
    2018-07-27
    oval:com.redhat.rhsa:def:20173384
    P
    RHSA-2017:3384: liblouis security update (Moderate)
    2017-12-05
    oval:com.ubuntu.artful:def:201715101000
    V
    CVE-2017-15101 on Ubuntu 17.10 (artful) - medium.
    2017-11-08
    liblouis liblouis *
    redhat enterprise linux desktop 7.0
    redhat enterprise linux server 7.0
    redhat enterprise linux server aus 7.4
    redhat enterprise linux server eus 7.4
    redhat enterprise linux server eus 7.5
    redhat enterprise linux workstation 7.0
    liblouis liblouis 3.2.0