mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
180 lines
6.0 KiB
JSON
180 lines
6.0 KiB
JSON
{
|
|
"id": "CVE-2015-7179",
|
|
"sourceIdentifier": "security@mozilla.org",
|
|
"published": "2015-09-24T04:59:26.927",
|
|
"lastModified": "2016-12-22T03:00:16.857",
|
|
"vulnStatus": "Modified",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader attribute arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted (1) OpenGL or (2) WebGL content."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Vulnerabilidad en la funci\u00f3n VertexBufferInterface::reserveVertexSpace en libGLES en ANGLE, tal como se utiliza en Mozilla Firefox en versiones anteriores a 41.0 y Firefox ESR 38.x en versiones anteriores a 38.3 en Windows, asigna memoria incorrectamente para arrays de atributo sombreador, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (desbordamiento de buffer y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de (1) OpenGL o (2) contenido WebGL manipulado."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL",
|
|
"baseScore": 7.5
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 6.4,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-119"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "40.0.3",
|
|
"matchCriteriaId": "4EE7B0EF-4A3A-4353-8B50-6F28B5CADBDB"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7A1DD76B-7682-4F61-B274-115D8A9B5306"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "332589F6-C6DB-4204-97FA-B60105BBF146"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A04D6EAE-C709-4752-976E-DB15EE6E85B0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FE52B8E3-3BA8-46DB-948E-958739FE91B1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "818D58B7-3BA2-4CE5-9D9A-65F5B24AB6D0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B50189A6-C058-46EA-9BE8-9D01E304D518"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1F5442BB-3E3F-4E91-B76B-6B379B47E2BD"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html",
|
|
"source": "security@mozilla.org"
|
|
},
|
|
{
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html",
|
|
"source": "security@mozilla.org"
|
|
},
|
|
{
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html",
|
|
"source": "security@mozilla.org"
|
|
},
|
|
{
|
|
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-113.html",
|
|
"source": "security@mozilla.org",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
|
|
"source": "security@mozilla.org"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/76816",
|
|
"source": "security@mozilla.org"
|
|
},
|
|
{
|
|
"url": "http://www.securitytracker.com/id/1033640",
|
|
"source": "security@mozilla.org"
|
|
},
|
|
{
|
|
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1190526",
|
|
"source": "security@mozilla.org"
|
|
}
|
|
]
|
|
} |