Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2015-5185 (GCVE-0-2015-5185)
Vulnerability from cvelistv5 – Published: 2015-09-28 20:00 – Updated: 2024-08-06 06:41
VLAI?
EPSS
Summary
The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2015-08-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:09.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2015-14200",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172667.html"
},
{
"name": "FEDORA-2015-14197",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172634.html"
},
{
"name": "[oss-security] 20150820 CVE-2015-5185 sblim-sfcb: lookupProviders() null pointer dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/21/2"
},
{
"name": "91212",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91212"
},
{
"name": "openSUSE-SU-2015:1571",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00019.html"
},
{
"name": "FEDORA-2015-14199",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172659.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T20:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2015-14200",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172667.html"
},
{
"name": "FEDORA-2015-14197",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172634.html"
},
{
"name": "[oss-security] 20150820 CVE-2015-5185 sblim-sfcb: lookupProviders() null pointer dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/21/2"
},
{
"name": "91212",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91212"
},
{
"name": "openSUSE-SU-2015:1571",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00019.html"
},
{
"name": "FEDORA-2015-14199",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172659.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5185",
"datePublished": "2015-09-28T20:00:00.000Z",
"dateReserved": "2015-07-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:41:09.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2015-5185",
"date": "2026-04-17",
"epss": "0.01182",
"percentile": "0.78784"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2015-5185\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2015-09-28T20:59:01.937\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad en la funci\u00f3n lookupProviders en providerMgr.c en sblim-sfcb 1.3.4 y 1.3.18, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (referencia a puntero NULL y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un className vac\u00edo en un paquete.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A10BC294-9196-425F-9FB0-B1625465B47F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03117DF1-3BEC-4B8D-AD63-DBBDB2126081\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:standards_based_linux_instrumentation:sblim-sfcb:1.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E020CC14-4838-4ADF-90D9-D563F3B5025E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:standards_based_linux_instrumentation:sblim-sfcb:1.3.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0618ADED-CBE8-46EC-9EBA-38609D58453C\"}]}]}],\"references\":[{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172634.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172659.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172667.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-09/msg00019.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/08/21/2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/bid/91212\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172634.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172659.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172667.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-09/msg00019.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/08/21/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/bid/91212\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorComment\":\"\u003ca href=\\\"http://cwe.mitre.org/data/definitions/476.html\\\"\u003eCWE-476: NULL Pointer Dereference\u003c/a\u003e\"}}"
}
}
FKIE_CVE-2015-5185
Vulnerability from fkie_nvd - Published: 2015-09-28 20:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opensuse | opensuse | 13.1 | |
| opensuse | opensuse | 13.2 | |
| standards_based_linux_instrumentation | sblim-sfcb | 1.3.4 | |
| standards_based_linux_instrumentation | sblim-sfcb | 1.3.18 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:standards_based_linux_instrumentation:sblim-sfcb:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E020CC14-4838-4ADF-90D9-D563F3B5025E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:standards_based_linux_instrumentation:sblim-sfcb:1.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "0618ADED-CBE8-46EC-9EBA-38609D58453C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet."
},
{
"lang": "es",
"value": "Vulnerabilidad en la funci\u00f3n lookupProviders en providerMgr.c en sblim-sfcb 1.3.4 y 1.3.18, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (referencia a puntero NULL y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un className vac\u00edo en un paquete."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/476.html\"\u003eCWE-476: NULL Pointer Dereference\u003c/a\u003e",
"id": "CVE-2015-5185",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-09-28T20:59:01.937",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172634.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172659.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172667.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00019.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/21/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/91212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172634.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172659.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172667.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/21/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91212"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
SUSE-SU-2015:2116-1
Vulnerability from csaf_suse - Published: 2015-11-27 09:03 - Updated: 2015-11-27 09:03Summary
Security update for sblim-sfcb
Severity
Moderate
Notes
Title of the patch: Security update for sblim-sfcb
Description of the patch:
This update of sblim-sfcb fixes a potential NULL pointer crash in lookupProviders() (CVE-2015-5185).
Patchnames: SUSE-SLE-DESKTOP-12-2015-904,SUSE-SLE-SERVER-12-2015-904
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for sblim-sfcb",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update of sblim-sfcb fixes a potential NULL pointer crash in lookupProviders() (CVE-2015-5185).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-2015-904,SUSE-SLE-SERVER-12-2015-904",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_2116-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:2116-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20152116-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:2116-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-November/001702.html"
},
{
"category": "self",
"summary": "SUSE Bug 942628",
"url": "https://bugzilla.suse.com/942628"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5185 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5185/"
}
],
"title": "Security update for sblim-sfcb",
"tracking": {
"current_release_date": "2015-11-27T09:03:13Z",
"generator": {
"date": "2015-11-27T09:03:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:2116-1",
"initial_release_date": "2015-11-27T09:03:13Z",
"revision_history": [
{
"date": "2015-11-27T09:03:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "sblim-sfcb-1.4.8-5.3.3.ppc64le",
"product": {
"name": "sblim-sfcb-1.4.8-5.3.3.ppc64le",
"product_id": "sblim-sfcb-1.4.8-5.3.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "sblim-sfcb-1.4.8-5.3.3.s390x",
"product": {
"name": "sblim-sfcb-1.4.8-5.3.3.s390x",
"product_id": "sblim-sfcb-1.4.8-5.3.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "sblim-sfcb-1.4.8-5.3.3.x86_64",
"product": {
"name": "sblim-sfcb-1.4.8-5.3.3.x86_64",
"product_id": "sblim-sfcb-1.4.8-5.3.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12",
"product": {
"name": "SUSE Linux Enterprise Desktop 12",
"product_id": "SUSE Linux Enterprise Desktop 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12",
"product": {
"name": "SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.4.8-5.3.3.x86_64 as component of SUSE Linux Enterprise Desktop 12",
"product_id": "SUSE Linux Enterprise Desktop 12:sblim-sfcb-1.4.8-5.3.3.x86_64"
},
"product_reference": "sblim-sfcb-1.4.8-5.3.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.4.8-5.3.3.ppc64le as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:sblim-sfcb-1.4.8-5.3.3.ppc64le"
},
"product_reference": "sblim-sfcb-1.4.8-5.3.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.4.8-5.3.3.s390x as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:sblim-sfcb-1.4.8-5.3.3.s390x"
},
"product_reference": "sblim-sfcb-1.4.8-5.3.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.4.8-5.3.3.x86_64 as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:sblim-sfcb-1.4.8-5.3.3.x86_64"
},
"product_reference": "sblim-sfcb-1.4.8-5.3.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.4.8-5.3.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:sblim-sfcb-1.4.8-5.3.3.ppc64le"
},
"product_reference": "sblim-sfcb-1.4.8-5.3.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.4.8-5.3.3.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:sblim-sfcb-1.4.8-5.3.3.s390x"
},
"product_reference": "sblim-sfcb-1.4.8-5.3.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.4.8-5.3.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:sblim-sfcb-1.4.8-5.3.3.x86_64"
},
"product_reference": "sblim-sfcb-1.4.8-5.3.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-5185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5185"
}
],
"notes": [
{
"category": "general",
"text": "The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12:sblim-sfcb-1.4.8-5.3.3.x86_64",
"SUSE Linux Enterprise Server 12:sblim-sfcb-1.4.8-5.3.3.ppc64le",
"SUSE Linux Enterprise Server 12:sblim-sfcb-1.4.8-5.3.3.s390x",
"SUSE Linux Enterprise Server 12:sblim-sfcb-1.4.8-5.3.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:sblim-sfcb-1.4.8-5.3.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12:sblim-sfcb-1.4.8-5.3.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12:sblim-sfcb-1.4.8-5.3.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5185",
"url": "https://www.suse.com/security/cve/CVE-2015-5185"
},
{
"category": "external",
"summary": "SUSE Bug 942628 for CVE-2015-5185",
"url": "https://bugzilla.suse.com/942628"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12:sblim-sfcb-1.4.8-5.3.3.x86_64",
"SUSE Linux Enterprise Server 12:sblim-sfcb-1.4.8-5.3.3.ppc64le",
"SUSE Linux Enterprise Server 12:sblim-sfcb-1.4.8-5.3.3.s390x",
"SUSE Linux Enterprise Server 12:sblim-sfcb-1.4.8-5.3.3.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:sblim-sfcb-1.4.8-5.3.3.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12:sblim-sfcb-1.4.8-5.3.3.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12:sblim-sfcb-1.4.8-5.3.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-11-27T09:03:13Z",
"details": "moderate"
}
],
"title": "CVE-2015-5185"
}
]
}
SUSE-SU-2015:2218-1
Vulnerability from csaf_suse - Published: 2015-12-07 14:09 - Updated: 2015-12-07 14:09Summary
Security update for sblim-sfcb
Severity
Moderate
Notes
Title of the patch: Security update for sblim-sfcb
Description of the patch:
This update of sblim-sfcb fixes a potential NULL pointer crash in lookupProviders() (CVE-2015-5185).
Patchnames: sledsp3-sblim-sfcb-12250,sledsp4-sblim-sfcb-12250,slessp3-sblim-sfcb-12250,slessp4-sblim-sfcb-12250
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for sblim-sfcb",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update of sblim-sfcb fixes a potential NULL pointer crash in lookupProviders() (CVE-2015-5185).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sledsp3-sblim-sfcb-12250,sledsp4-sblim-sfcb-12250,slessp3-sblim-sfcb-12250,slessp4-sblim-sfcb-12250",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_2218-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:2218-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20152218-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:2218-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-December/001722.html"
},
{
"category": "self",
"summary": "SUSE Bug 942628",
"url": "https://bugzilla.suse.com/942628"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5185 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5185/"
}
],
"title": "Security update for sblim-sfcb",
"tracking": {
"current_release_date": "2015-12-07T14:09:36Z",
"generator": {
"date": "2015-12-07T14:09:36Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:2218-1",
"initial_release_date": "2015-12-07T14:09:36Z",
"revision_history": [
{
"date": "2015-12-07T14:09:36Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "sblim-sfcb-1.3.11-0.25.4.i586",
"product": {
"name": "sblim-sfcb-1.3.11-0.25.4.i586",
"product_id": "sblim-sfcb-1.3.11-0.25.4.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "sblim-sfcb-1.3.11-0.25.4.ia64",
"product": {
"name": "sblim-sfcb-1.3.11-0.25.4.ia64",
"product_id": "sblim-sfcb-1.3.11-0.25.4.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "sblim-sfcb-1.3.11-0.25.4.ppc64",
"product": {
"name": "sblim-sfcb-1.3.11-0.25.4.ppc64",
"product_id": "sblim-sfcb-1.3.11-0.25.4.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "sblim-sfcb-1.3.11-0.25.4.s390x",
"product": {
"name": "sblim-sfcb-1.3.11-0.25.4.s390x",
"product_id": "sblim-sfcb-1.3.11-0.25.4.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "sblim-sfcb-1.3.11-0.25.4.x86_64",
"product": {
"name": "sblim-sfcb-1.3.11-0.25.4.x86_64",
"product_id": "sblim-sfcb-1.3.11-0.25.4.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sled:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sled:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:11:sp3:teradata"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.3.11-0.25.4.i586 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:sblim-sfcb-1.3.11-0.25.4.i586"
},
"product_reference": "sblim-sfcb-1.3.11-0.25.4.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.3.11-0.25.4.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
"product_id": "SUSE Linux Enterprise Desktop 11 SP3:sblim-sfcb-1.3.11-0.25.4.x86_64"
},
"product_reference": "sblim-sfcb-1.3.11-0.25.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.3.11-0.25.4.i586 as component of SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4:sblim-sfcb-1.3.11-0.25.4.i586"
},
"product_reference": "sblim-sfcb-1.3.11-0.25.4.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.3.11-0.25.4.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP4",
"product_id": "SUSE Linux Enterprise Desktop 11 SP4:sblim-sfcb-1.3.11-0.25.4.x86_64"
},
"product_reference": "sblim-sfcb-1.3.11-0.25.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.3.11-0.25.4.i586 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:sblim-sfcb-1.3.11-0.25.4.i586"
},
"product_reference": "sblim-sfcb-1.3.11-0.25.4.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.3.11-0.25.4.ia64 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:sblim-sfcb-1.3.11-0.25.4.ia64"
},
"product_reference": "sblim-sfcb-1.3.11-0.25.4.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.3.11-0.25.4.ppc64 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:sblim-sfcb-1.3.11-0.25.4.ppc64"
},
"product_reference": "sblim-sfcb-1.3.11-0.25.4.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.3.11-0.25.4.s390x as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:sblim-sfcb-1.3.11-0.25.4.s390x"
},
"product_reference": "sblim-sfcb-1.3.11-0.25.4.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.3.11-0.25.4.x86_64 as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:sblim-sfcb-1.3.11-0.25.4.x86_64"
},
"product_reference": "sblim-sfcb-1.3.11-0.25.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.3.11-0.25.4.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:sblim-sfcb-1.3.11-0.25.4.i586"
},
"product_reference": "sblim-sfcb-1.3.11-0.25.4.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.3.11-0.25.4.ia64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:sblim-sfcb-1.3.11-0.25.4.ia64"
},
"product_reference": "sblim-sfcb-1.3.11-0.25.4.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.3.11-0.25.4.ppc64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:sblim-sfcb-1.3.11-0.25.4.ppc64"
},
"product_reference": "sblim-sfcb-1.3.11-0.25.4.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.3.11-0.25.4.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:sblim-sfcb-1.3.11-0.25.4.s390x"
},
"product_reference": "sblim-sfcb-1.3.11-0.25.4.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.3.11-0.25.4.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:sblim-sfcb-1.3.11-0.25.4.x86_64"
},
"product_reference": "sblim-sfcb-1.3.11-0.25.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.3.11-0.25.4.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:sblim-sfcb-1.3.11-0.25.4.i586"
},
"product_reference": "sblim-sfcb-1.3.11-0.25.4.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.3.11-0.25.4.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:sblim-sfcb-1.3.11-0.25.4.ia64"
},
"product_reference": "sblim-sfcb-1.3.11-0.25.4.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.3.11-0.25.4.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:sblim-sfcb-1.3.11-0.25.4.ppc64"
},
"product_reference": "sblim-sfcb-1.3.11-0.25.4.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.3.11-0.25.4.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:sblim-sfcb-1.3.11-0.25.4.s390x"
},
"product_reference": "sblim-sfcb-1.3.11-0.25.4.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.3.11-0.25.4.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:sblim-sfcb-1.3.11-0.25.4.x86_64"
},
"product_reference": "sblim-sfcb-1.3.11-0.25.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.3.11-0.25.4.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:sblim-sfcb-1.3.11-0.25.4.i586"
},
"product_reference": "sblim-sfcb-1.3.11-0.25.4.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.3.11-0.25.4.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:sblim-sfcb-1.3.11-0.25.4.ia64"
},
"product_reference": "sblim-sfcb-1.3.11-0.25.4.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.3.11-0.25.4.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:sblim-sfcb-1.3.11-0.25.4.ppc64"
},
"product_reference": "sblim-sfcb-1.3.11-0.25.4.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.3.11-0.25.4.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:sblim-sfcb-1.3.11-0.25.4.s390x"
},
"product_reference": "sblim-sfcb-1.3.11-0.25.4.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.3.11-0.25.4.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:sblim-sfcb-1.3.11-0.25.4.x86_64"
},
"product_reference": "sblim-sfcb-1.3.11-0.25.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.3.11-0.25.4.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:sblim-sfcb-1.3.11-0.25.4.i586"
},
"product_reference": "sblim-sfcb-1.3.11-0.25.4.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.3.11-0.25.4.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:sblim-sfcb-1.3.11-0.25.4.ia64"
},
"product_reference": "sblim-sfcb-1.3.11-0.25.4.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.3.11-0.25.4.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:sblim-sfcb-1.3.11-0.25.4.ppc64"
},
"product_reference": "sblim-sfcb-1.3.11-0.25.4.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.3.11-0.25.4.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:sblim-sfcb-1.3.11-0.25.4.s390x"
},
"product_reference": "sblim-sfcb-1.3.11-0.25.4.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sblim-sfcb-1.3.11-0.25.4.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:sblim-sfcb-1.3.11-0.25.4.x86_64"
},
"product_reference": "sblim-sfcb-1.3.11-0.25.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-5185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5185"
}
],
"notes": [
{
"category": "general",
"text": "The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 11 SP3:sblim-sfcb-1.3.11-0.25.4.i586",
"SUSE Linux Enterprise Desktop 11 SP3:sblim-sfcb-1.3.11-0.25.4.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:sblim-sfcb-1.3.11-0.25.4.i586",
"SUSE Linux Enterprise Desktop 11 SP4:sblim-sfcb-1.3.11-0.25.4.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:sblim-sfcb-1.3.11-0.25.4.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:sblim-sfcb-1.3.11-0.25.4.ia64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:sblim-sfcb-1.3.11-0.25.4.ppc64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:sblim-sfcb-1.3.11-0.25.4.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:sblim-sfcb-1.3.11-0.25.4.x86_64",
"SUSE Linux Enterprise Server 11 SP3:sblim-sfcb-1.3.11-0.25.4.i586",
"SUSE Linux Enterprise Server 11 SP3:sblim-sfcb-1.3.11-0.25.4.ia64",
"SUSE Linux Enterprise Server 11 SP3:sblim-sfcb-1.3.11-0.25.4.ppc64",
"SUSE Linux Enterprise Server 11 SP3:sblim-sfcb-1.3.11-0.25.4.s390x",
"SUSE Linux Enterprise Server 11 SP3:sblim-sfcb-1.3.11-0.25.4.x86_64",
"SUSE Linux Enterprise Server 11 SP4:sblim-sfcb-1.3.11-0.25.4.i586",
"SUSE Linux Enterprise Server 11 SP4:sblim-sfcb-1.3.11-0.25.4.ia64",
"SUSE Linux Enterprise Server 11 SP4:sblim-sfcb-1.3.11-0.25.4.ppc64",
"SUSE Linux Enterprise Server 11 SP4:sblim-sfcb-1.3.11-0.25.4.s390x",
"SUSE Linux Enterprise Server 11 SP4:sblim-sfcb-1.3.11-0.25.4.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:sblim-sfcb-1.3.11-0.25.4.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:sblim-sfcb-1.3.11-0.25.4.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:sblim-sfcb-1.3.11-0.25.4.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:sblim-sfcb-1.3.11-0.25.4.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:sblim-sfcb-1.3.11-0.25.4.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:sblim-sfcb-1.3.11-0.25.4.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:sblim-sfcb-1.3.11-0.25.4.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:sblim-sfcb-1.3.11-0.25.4.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:sblim-sfcb-1.3.11-0.25.4.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:sblim-sfcb-1.3.11-0.25.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5185",
"url": "https://www.suse.com/security/cve/CVE-2015-5185"
},
{
"category": "external",
"summary": "SUSE Bug 942628 for CVE-2015-5185",
"url": "https://bugzilla.suse.com/942628"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 11 SP3:sblim-sfcb-1.3.11-0.25.4.i586",
"SUSE Linux Enterprise Desktop 11 SP3:sblim-sfcb-1.3.11-0.25.4.x86_64",
"SUSE Linux Enterprise Desktop 11 SP4:sblim-sfcb-1.3.11-0.25.4.i586",
"SUSE Linux Enterprise Desktop 11 SP4:sblim-sfcb-1.3.11-0.25.4.x86_64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:sblim-sfcb-1.3.11-0.25.4.i586",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:sblim-sfcb-1.3.11-0.25.4.ia64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:sblim-sfcb-1.3.11-0.25.4.ppc64",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:sblim-sfcb-1.3.11-0.25.4.s390x",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:sblim-sfcb-1.3.11-0.25.4.x86_64",
"SUSE Linux Enterprise Server 11 SP3:sblim-sfcb-1.3.11-0.25.4.i586",
"SUSE Linux Enterprise Server 11 SP3:sblim-sfcb-1.3.11-0.25.4.ia64",
"SUSE Linux Enterprise Server 11 SP3:sblim-sfcb-1.3.11-0.25.4.ppc64",
"SUSE Linux Enterprise Server 11 SP3:sblim-sfcb-1.3.11-0.25.4.s390x",
"SUSE Linux Enterprise Server 11 SP3:sblim-sfcb-1.3.11-0.25.4.x86_64",
"SUSE Linux Enterprise Server 11 SP4:sblim-sfcb-1.3.11-0.25.4.i586",
"SUSE Linux Enterprise Server 11 SP4:sblim-sfcb-1.3.11-0.25.4.ia64",
"SUSE Linux Enterprise Server 11 SP4:sblim-sfcb-1.3.11-0.25.4.ppc64",
"SUSE Linux Enterprise Server 11 SP4:sblim-sfcb-1.3.11-0.25.4.s390x",
"SUSE Linux Enterprise Server 11 SP4:sblim-sfcb-1.3.11-0.25.4.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:sblim-sfcb-1.3.11-0.25.4.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:sblim-sfcb-1.3.11-0.25.4.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:sblim-sfcb-1.3.11-0.25.4.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:sblim-sfcb-1.3.11-0.25.4.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:sblim-sfcb-1.3.11-0.25.4.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:sblim-sfcb-1.3.11-0.25.4.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:sblim-sfcb-1.3.11-0.25.4.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:sblim-sfcb-1.3.11-0.25.4.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:sblim-sfcb-1.3.11-0.25.4.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:sblim-sfcb-1.3.11-0.25.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-12-07T14:09:36Z",
"details": "moderate"
}
],
"title": "CVE-2015-5185"
}
]
}
GHSA-H74P-5CRF-72XC
Vulnerability from github – Published: 2022-05-14 02:07 – Updated: 2022-05-14 02:07
VLAI?
Details
The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet.
{
"affected": [],
"aliases": [
"CVE-2015-5185"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-09-28T20:59:00Z",
"severity": "MODERATE"
},
"details": "The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet.",
"id": "GHSA-h74p-5crf-72xc",
"modified": "2022-05-14T02:07:39Z",
"published": "2022-05-14T02:07:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5185"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172634.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172659.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172667.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00019.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/08/21/2"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/91212"
}
],
"schema_version": "1.4.0",
"severity": []
}
CNVD-2015-06459
Vulnerability from cnvd - Published: 2015-10-13
VLAI Severity ?
Title
sblim-sfcb拒绝服务漏洞
Description
sblim-sfcb是对公共信息模型对象管理器的一个开源实现。
sblim-sfcb的providerMgr.c文件中的‘lookupProviders’函数存在安全漏洞,允许远程攻击者可提交包含空类名的数据包,使应用程序崩溃。
Severity
中
Patch Name
blim-sfcb拒绝服务漏洞的补丁
Patch Description
sblim-sfcb是对公共信息模型对象管理器的一个开源实现。sblim-sfcb的providerMgr.c文件中的‘lookupProviders’函数存在安全漏洞,允许远程攻击者可提交包含空类名的数据包,使应用程序崩溃。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞: http://sblim.cvs.sourceforge.net/viewvc/sblim/sfcb/
Reference
http://www.openwall.com/lists/oss-security/2015/08/21/2
Impacted products
| Name | ['Sblim-Sfcb sblim-sfcb 1.3.4', 'Sblim-Sfcb sblim-sfcb 1.3.18'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2015-5185"
}
},
"description": "sblim-sfcb\u662f\u5bf9\u516c\u5171\u4fe1\u606f\u6a21\u578b\u5bf9\u8c61\u7ba1\u7406\u5668\u7684\u4e00\u4e2a\u5f00\u6e90\u5b9e\u73b0\u3002\r\n\r\nsblim-sfcb\u7684providerMgr.c\u6587\u4ef6\u4e2d\u7684\u2018lookupProviders\u2019\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u63d0\u4ea4\u5305\u542b\u7a7a\u7c7b\u540d\u7684\u6570\u636e\u5305\uff0c\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002",
"discovererName": "Kurt Seifried \u003ckseifried@...hat.com\u003e",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://sblim.cvs.sourceforge.net/viewvc/sblim/sfcb/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2015-06459",
"openTime": "2015-10-13",
"patchDescription": "sblim-sfcb\u662f\u5bf9\u516c\u5171\u4fe1\u606f\u6a21\u578b\u5bf9\u8c61\u7ba1\u7406\u5668\u7684\u4e00\u4e2a\u5f00\u6e90\u5b9e\u73b0\u3002sblim-sfcb\u7684providerMgr.c\u6587\u4ef6\u4e2d\u7684\u2018lookupProviders\u2019\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u63d0\u4ea4\u5305\u542b\u7a7a\u7c7b\u540d\u7684\u6570\u636e\u5305\uff0c\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "blim-sfcb\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Sblim-Sfcb sblim-sfcb 1.3.4",
"Sblim-Sfcb sblim-sfcb 1.3.18"
]
},
"referenceLink": "http://www.openwall.com/lists/oss-security/2015/08/21/2",
"serverity": "\u4e2d",
"submitTime": "2015-10-03",
"title": "sblim-sfcb\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}
GSD-2015-5185
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2015-5185",
"description": "The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet.",
"id": "GSD-2015-5185",
"references": [
"https://www.suse.com/security/cve/CVE-2015-5185.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-5185"
],
"details": "The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet.",
"id": "GSD-2015-5185",
"modified": "2023-12-13T01:20:06.266077Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172634.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172634.html"
},
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172659.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172659.html"
},
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172667.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172667.html"
},
{
"name": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00019.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00019.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2015/08/21/2",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2015/08/21/2"
},
{
"name": "http://www.securityfocus.com/bid/91212",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/91212"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:standards_based_linux_instrumentation:sblim-sfcb:1.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:standards_based_linux_instrumentation:sblim-sfcb:1.3.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5185"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2015:1571",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00019.html"
},
{
"name": "[oss-security] 20150820 CVE-2015-5185 sblim-sfcb: lookupProviders() null pointer dereference",
"refsource": "MLIST",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/21/2"
},
{
"name": "91212",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/91212"
},
{
"name": "FEDORA-2015-14199",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172659.html"
},
{
"name": "FEDORA-2015-14200",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172667.html"
},
{
"name": "FEDORA-2015-14197",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172634.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2018-10-30T16:27Z",
"publishedDate": "2015-09-28T20:59Z"
}
}
}
VAR-201509-0337
Vulnerability from variot - Updated: 2024-11-23 22:13The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. SBLIM-SFCB is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, resulting in denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201509-0337",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sblim-sfcb",
"scope": "eq",
"trust": 1.6,
"vendor": "standards based linux instrumentation",
"version": "1.3.18"
},
{
"model": "sblim-sfcb",
"scope": "eq",
"trust": 1.6,
"vendor": "standards based linux instrumentation",
"version": "1.3.4"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.2"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.1"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.8,
"vendor": "novell",
"version": "13.1"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.8,
"vendor": "novell",
"version": "13.2"
},
{
"model": "small footprint cim broker",
"scope": "eq",
"trust": 0.8,
"vendor": "standards based linux instrumentation sblim",
"version": "1.3.18"
},
{
"model": "small footprint cim broker",
"scope": "eq",
"trust": 0.8,
"vendor": "standards based linux instrumentation sblim",
"version": "1.3.4"
},
{
"model": "sblim-sfcb",
"scope": "eq",
"trust": 0.3,
"vendor": "sblim",
"version": "0"
},
{
"model": "rackswitch g8264cs",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.13.0"
},
{
"model": "integrated management module for system yuoo",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x"
},
{
"model": "integrated management module for bladecenter yuoo",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "flex system fabric si4093 system interconnect module",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.13.0"
},
{
"model": "flex system fabric en4093r 10gb scalable switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.13.0"
},
{
"model": "flex system fabric en4093 10gb scalable switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.13.0"
},
{
"model": "flex system fabric cn4093 10gb converged scalable switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.13.0"
},
{
"model": "flex en2092 1gb ethernet scalable switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.13.0"
},
{
"model": "rackswitch g8264cs",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.14.0"
},
{
"model": "integrated management module for system yuooh3a",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "x-1.52"
},
{
"model": "integrated management module for bladecenter yuooh3a",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "-1.52"
},
{
"model": "flex system fabric si4093 system interconnect module",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.14.0"
},
{
"model": "flex system fabric en4093r 10gb scalable switch",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.14.0"
},
{
"model": "flex system fabric en4093 10gb scalable switch",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.14.0"
},
{
"model": "flex system fabric cn4093 10gb converged scalable switch",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.14.0"
},
{
"model": "flex en2092 1gb ethernet scalable switch",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.14.0"
}
],
"sources": [
{
"db": "BID",
"id": "91212"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004996"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-566"
},
{
"db": "NVD",
"id": "CVE-2015-5185"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:novell:opensuse",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:standards_based_linux_instrumentation:sblim-sfcb",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004996"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Qinghao Tang from QIHU 360.",
"sources": [
{
"db": "BID",
"id": "91212"
}
],
"trust": 0.3
},
"cve": "CVE-2015-5185",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-5185",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-5185",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-5185",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-566",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004996"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-566"
},
{
"db": "NVD",
"id": "CVE-2015-5185"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. SBLIM-SFCB is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to crash the affected application, resulting in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5185"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004996"
},
{
"db": "BID",
"id": "91212"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-5185",
"trust": 2.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2015/08/21/2",
"trust": 2.4
},
{
"db": "BID",
"id": "91212",
"trust": 1.3
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004996",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201509-566",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "91212"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004996"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-566"
},
{
"db": "NVD",
"id": "CVE-2015-5185"
}
]
},
"id": "VAR-201509-0337",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.22222222
},
"last_update_date": "2024-11-23T22:13:23.625000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "openSUSE-SU-2015:1571",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00019.html"
},
{
"title": "Standards Based Linux Instrumentation",
"trust": 0.8,
"url": "http://sourceforge.net/projects/sblim/files/"
},
{
"title": "sblim-sfcb Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57822"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004996"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-566"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004996"
},
{
"db": "NVD",
"id": "CVE-2015-5185"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.openwall.com/lists/oss-security/2015/08/21/2"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00019.html"
},
{
"trust": 1.0,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172659.html"
},
{
"trust": 1.0,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172667.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/91212"
},
{
"trust": 1.0,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172634.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5185"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5185"
},
{
"trust": 0.3,
"url": "http://sourceforge.net/projects/sblim/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255587"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099487"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099394"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099388"
}
],
"sources": [
{
"db": "BID",
"id": "91212"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004996"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-566"
},
{
"db": "NVD",
"id": "CVE-2015-5185"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "91212"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004996"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-566"
},
{
"db": "NVD",
"id": "CVE-2015-5185"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-20T00:00:00",
"db": "BID",
"id": "91212"
},
{
"date": "2015-10-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004996"
},
{
"date": "2015-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-566"
},
{
"date": "2015-09-28T20:59:01.937000",
"db": "NVD",
"id": "CVE-2015-5185"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-03T01:01:00",
"db": "BID",
"id": "91212"
},
{
"date": "2015-10-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004996"
},
{
"date": "2015-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-566"
},
{
"date": "2024-11-21T02:32:31.403000",
"db": "NVD",
"id": "CVE-2015-5185"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-566"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "sblim-sfcb of providerMgr.c of lookupProviders Service disruption in functions (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004996"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Failure to Handle Exceptional Conditions",
"sources": [
{
"db": "BID",
"id": "91212"
}
],
"trust": 0.3
}
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…