Buffer Overflow Vulnerability in Cygwin by Red Hat
CVE-2017-7523
7.5 HIGH
What is CVE-2017-7523?
Cygwin versions 1.7.2 through 1.8.0 are prone to a buffer overflow vulnerability found in the wcsxfrm and wcsxfrm_l functions. This flaw could be exploited by attackers using specially crafted input strings, resulting in process crashes or the potential hijacking of processes that run with administrative privileges. It is crucial for users of the affected versions to ensure their systems are patched to mitigate these risks.
Affected Version(s)
cygwin since 1.7.2 up to 2.8.0