Linux Kernel 4.3-rc1 x509_cert_parser.c x509_decode_time out-of-bounds read


A vulnerability classified as critical was found in Linux Kernel 4.3-rc1 (Operating System). It affects the function x509_decode_time in the file x509_cert_parser.c. No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.

| Field | 09/26/2017 09:01 AM | 11/19/2019 01:12 PM | 01/14/2021 12:06 PM |
|---|---|---|---|
| cvss3_meta_tempscore | 6.4 | 6.4 | 6.4 |
| cvss3_vuldb_basescore | 6.3 | 6.3 | 6.3 |
| cvss3_vuldb_tempscore | 6.3 | 6.3 | 6.3 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | L | L | L |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| cvss3_nvd_av | N | N | N |
| cvss3_nvd_ac | L | L | L |
| cvss3_nvd_pr | L | L | L |
| cvss3_nvd_ui | N | N | N |
| cvss3_nvd_s | U | U | U |
| cvss3_nvd_c | H | H | H |
| cvss3_nvd_i | N | N | N |
| cvss3_nvd_a | N | N | N |
| date | 1506297600 (09/25/2017) | 1506297600 (09/25/2017) | 1506297600 (09/25/2017) |
| location | oss-sec | oss-sec | oss-sec |
| url | http://www.openwall.com/lists/oss-security/2015/11/27/1 | http://www.openwall.com/lists/oss-security/2015/11/27/1 | http://www.openwall.com/lists/oss-security/2015/11/27/1 |
| confirm_url | https://bugzilla.redhat.com/show_bug.cgi?id=1278978 | https://bugzilla.redhat.com/show_bug.cgi?id=1278978 | https://bugzilla.redhat.com/show_bug.cgi?id=1278978 |
| price_0day | $5k-$25k | $5k-$25k | $5k-$25k |
| cve | CVE-2015-5327 | CVE-2015-5327 | CVE-2015-5327 |
| cve_assigned | 1435708800 | 1435708800 | 1435708800 |
| cve_nvd_published | 1506297600 | 1506297600 | 1506297600 |
| cve_nvd_summary | Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after. | Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after. | Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after. |
| securityfocus | 107890 | 107890 | 107890 |
| securityfocus_title | Linux Kernel CVE-2019-11190 Local Security Bypass Vulnerability | Linux Kernel CVE-2019-11190 Local Security Bypass Vulnerability | Linux Kernel CVE-2019-11190 Local Security Bypass Vulnerability |
| qualys_id | 157983 | 157983 | 157983 |
| qualys_title | Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2019-4642) | Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2019-4642) | Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2019-4642) |
| seealso | 82964 115786 131935 133369 133370 | 82964 115786 131935 133369 133370 | 82964 115786 131935 133369 133370 |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss2_vuldb_rc | C | C | C |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | X | X | X |
| cvss3_vuldb_rc | C | C | C |
| 0day_days | 668 | 668 | 668 |
| cvss3_nvd_basescore | 6.5 | 6.5 | 6.5 |
| type | Operating System | Operating System | Operating System |
| vendor | Linux | Linux | Linux |
| name | Kernel | Kernel | Kernel |
| version | 4.3-rc1 | 4.3-rc1 | 4.3-rc1 |
| file | x509_cert_parser.c | x509_cert_parser.c | x509_cert_parser.c |
| function | x509_decode_time | x509_decode_time | x509_decode_time |
| cwe | 125 (information disclosure) | 125 (information disclosure) | 125 (information disclosure) |
| risk | 2 | 2 | 2 |
| cvss2_vuldb_basescore | 6.5 | 6.5 | 6.5 |
| cvss2_vuldb_tempscore | 6.5 | 6.5 | 6.5 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss2_nvd_av | N | N | N |
| cvss2_nvd_ac | L | L | L |
| cvss2_nvd_au | S | S | S |
| cvss2_nvd_ci | P | P | P |
| cvss2_nvd_ii | N | N | N |
| cvss2_nvd_ai | N | N | N |
| cvss3_meta_basescore | 6.4 | 6.4 | 6.4 |
| securityfocus_date | | 1554249600 (04/03/2019) | 1554249600 (04/03/2019) |
| securityfocus_class | | Race Condition Error | Race Condition Error |
| discoverydate | | 1448582400 | 1448582400 |
| person_name | | | Federico Bento |
| cvss2_nvd_basescore | | | 4.0 |
