CVE-2019-15540

{"id": "CVE-2019-15540", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-08-25T17:15:10.480", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00086.html", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00089.html", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00017.html", "source": "cve@mitre.org"}, {"url": "https://gist.github.com/andreafioraldi/baa79cd78131888d98d6ba680d5f514e", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://sourceforge.net/p/cdemu/bugs/119/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://sourceforge.net/p/cdemu/code/ci/0e9292c9aa34bf545f43f7efe5f0b94faba94962/", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00086.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00089.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00017.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gist.github.com/andreafioraldi/baa79cd78131888d98d6ba680d5f514e", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://sourceforge.net/p/cdemu/bugs/119/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://sourceforge.net/p/cdemu/code/ci/0e9292c9aa34bf545f43f7efe5f0b94faba94962/", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user."}, {"lang": "es", "value": "filters / filter-cso / filter-stream.c en el filtro CSO en libMirage 3.2.2 en CDemu no valida parte del tama\u00f1o, lo que desencadena un desbordamiento de b\u00fafer que puede conducir al acceso de root por parte de un usuario local de Linux."}], "lastModified": "2024-11-21T04:28:58.103", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cdemu:libmirage:3.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6F89A30-EA96-4F72-8160-459DF928515C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}