CVE-2015-8982

8.1 HIGH

Published: March 15, 2017 Modified: May 13, 2026

Description

Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://www.openwall.com/lists/oss-security/2015/02/13/3

Source: cve@mitre.org

Mailing List Patch Third Party Advisory

http://www.openwall.com/lists/oss-security/2017/02/14/9

Source: cve@mitre.org

Mailing List Patch Third Party Advisory

http://www.securityfocus.com/bid/72602

Source: cve@mitre.org

Third Party Advisory VDB Entry

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

Source: cve@mitre.org

https://sourceware.org/bugzilla/show_bug.cgi?id=16009

Source: cve@mitre.org

Issue Tracking Patch

https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=0f9e585480ed

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2015/02/13/3

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Patch Third Party Advisory

http://www.openwall.com/lists/oss-security/2017/02/14/9

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Patch Third Party Advisory

http://www.securityfocus.com/bid/72602

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory VDB Entry

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://sourceware.org/bugzilla/show_bug.cgi?id=16009

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking Patch

https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=0f9e585480ed

Source: af854a3a-2127-422b-91ae-364da2661108

14 reference(s) from NVD

Quick Stats

CVSS v3 Score

8.1 / 10.0

EPSS (Exploit Probability)

3.8%

89th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-190

Affected Vendors

gnu

Related CVEs

CVE-2026-40941 N/A

CVE-2026-40084 6.5

CVE-2026-40083 7.2

CVE-2026-40082 5.4

CVE-2026-40080 6.1