Linux Kernel 4.3-rc1 x509_cert_parser.c x509_decode_time out-of-bounds read

A vulnerability classified as critical was found in Linux Kernel 4.3-rc1 (Operating System). This vulnerability affects the function x509_decode_time of the file x509_cert_parser.c. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field	09/26/2017 09:01 AM	11/19/2019 01:12 PM	01/14/2021 12:06 PM
cvss3_meta_tempscore	6.4	6.4	6.4
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	6.3	6.3	6.3
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_nvd_av	N	N	N
cvss3_nvd_ac	L	L	L
cvss3_nvd_pr	L	L	L
cvss3_nvd_ui	N	N	N
cvss3_nvd_s	U	U	U
cvss3_nvd_c	H	H	H
cvss3_nvd_i	N	N	N
cvss3_nvd_a	N	N	N
date	1506297600 (09/25/2017)	1506297600 (09/25/2017)	1506297600 (09/25/2017)
location	oss-sec	oss-sec	oss-sec
url	http://www.openwall.com/lists/oss-security/2015/11/27/1	http://www.openwall.com/lists/oss-security/2015/11/27/1	http://www.openwall.com/lists/oss-security/2015/11/27/1
confirm_url	https://bugzilla.redhat.com/show_bug.cgi?id=1278978	https://bugzilla.redhat.com/show_bug.cgi?id=1278978	https://bugzilla.redhat.com/show_bug.cgi?id=1278978
price_0day	$5k-$25k	$5k-$25k	$5k-$25k
cve	CVE-2015-5327	CVE-2015-5327	CVE-2015-5327
cve_assigned	1435708800	1435708800	1435708800
cve_nvd_published	1506297600	1506297600	1506297600
cve_nvd_summary	Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after.	Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after.	Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after.
securityfocus	107890	107890	107890
securityfocus_title	Linux Kernel CVE-2019-11190 Local Security Bypass Vulnerability	Linux Kernel CVE-2019-11190 Local Security Bypass Vulnerability	Linux Kernel CVE-2019-11190 Local Security Bypass Vulnerability
qualys_id	157983	157983	157983
qualys_title	Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2019-4642)	Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2019-4642)	Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2019-4642)
seealso	82964 115786 131935 133369 133370	82964 115786 131935 133369 133370	82964 115786 131935 133369 133370
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	ND	ND	ND
cvss2_vuldb_rc	C	C	C
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	X	X	X
cvss3_vuldb_rc	C	C	C
0day_days	668	668	668
cvss3_nvd_basescore	6.5	6.5	6.5
type	Operating System	Operating System	Operating System
vendor	Linux	Linux	Linux
name	Kernel	Kernel	Kernel
version	4.3-rc1	4.3-rc1	4.3-rc1
file	x509_cert_parser.c	x509_cert_parser.c	x509_cert_parser.c
function	x509_decode_time	x509_decode_time	x509_decode_time
cwe	125 (information disclosure)	125 (information disclosure)	125 (information disclosure)
risk	2	2	2
cvss2_vuldb_basescore	6.5	6.5	6.5
cvss2_vuldb_tempscore	6.5	6.5	6.5
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	S	S	S
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_nvd_av	N	N	N
cvss2_nvd_ac	L	L	L
cvss2_nvd_au	S	S	S
cvss2_nvd_ci	P	P	P
cvss2_nvd_ii	N	N	N
cvss2_nvd_ai	N	N	N
cvss3_meta_basescore	6.4	6.4	6.4
securityfocus_date		1554249600 (04/03/2019)	1554249600 (04/03/2019)
securityfocus_class		Race Condition Error	Race Condition Error
discoverydate		1448582400	1448582400
person_name			Federico Bento
cvss2_nvd_basescore			4.0

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!