Buffer Overflow Vulnerability in Cygwin by Red Hat
CVE-2017-7523
7.5 HIGH
Summary
Cygwin versions 1.7.2 through 1.8.0 are prone to a buffer overflow vulnerability found in the wcsxfrm and wcsxfrm_l functions. This flaw could be exploited by attackers using specially crafted input strings, resulting in process crashes or the potential hijacking of processes that run with administrative privileges. It is crucial for users of the affected versions to ensure their systems are patched to mitigate these risks.
Affected Version(s)
cygwin since 1.7.2 up to 2.8.0
References
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved