Buffer Overflow Vulnerability in Cygwin by Red Hat
CVE-2017-7523

7.5 HIGH

Key Information:

Vendor: Red Hat
Status: Vendor
CVE Published: 21 July 2017

Summary

Cygwin versions 1.7.2 through 1.8.0 are prone to a buffer overflow vulnerability found in the wcsxfrm and wcsxfrm_l functions. This flaw could be exploited by attackers using specially crafted input strings, resulting in process crashes or the potential hijacking of processes that run with administrative privileges. It is crucial for users of the affected versions to ensure their systems are patched to mitigate these risks.

Affected Version(s)

cygwin since 1.7.2 up to 2.8.0

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
