CVE-2017-7523

7.5HIGH

Key Information:

Vendor: Red Hat
Status: Cygwin
Vendor: CVE Published:; 21 July 2017

Summary

Cygwin versions 1.7.2 up to and including 1.8.0 are vulnerable to buffer overflow vulnerability in wcsxfrm/wcsxfrm_l functions resulting into denial-of-service by crashing the process or potential hijack of the process running with administrative privileges triggered by specially crafted input string.

Affected Version(s)

cygwin since 1.7.2 up to 2.8.0

References

https://cygwin.com/ml/cygwin/2017-05/msg00149.html

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 21, 2017
Vulnerability Reserved
Apr 5, 2017