CVE-2017-7523

Published Jul 21, 2017

Last updated 5 years ago

CVSS high 7.5

Overview

Description: Cygwin versions 1.7.2 up to and including 1.8.0 are vulnerable to buffer overflow vulnerability in wcsxfrm/wcsxfrm_l functions resulting into denial-of-service by crashing the process or potential hijack of the process running with administrative privileges triggered by specially crafted input string.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-119
secalert@redhat.com: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28230858-0B1C-4336-8C5C-86C96DFA098F"
          },
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.7.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "581471BF-47F8-4742-986D-ADCD70179D5C"
          },
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.7.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1D9333B-AB0D-4ACF-9747-5ED10CE5C073"
          },
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.7.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB48C8F3-1BAE-4159-95C7-ECF847ED8E59"
          },
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.7.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0165998-89F7-4891-8CC7-905380858261"
          },
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.7.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49200723-56CD-44E7-9E8F-5213F1006ACE"
          },
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.7.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83811F47-2B4B-4659-86A1-AE36375DFB72"
          },
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.7.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A57C27C7-2DC7-40C4-BCA6-997409AEE479"
          },
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.7.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6BF3225-5B2C-4CD9-80D4-ABC64745FB2C"
          },
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.7.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A964D38B-3B81-4891-B01B-527A2EE7ACC0"
          },
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.7.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B96CD403-2DF6-44CB-AB89-83B392061CAF"
          },
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.7.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1266B5C-D791-430A-ADC7-DB279624AB03"
          },
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.7.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D58DCAD-1D5E-4891-B627-98FAA8E11D15"
          },
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.7.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B653FC24-6783-4A25-84A3-AF08F6590B06"
          },
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.7.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3E839FA-A8B6-490B-B5AB-39EB9625D05F"
          },
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.7.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF2DA96F-099E-4F6C-A836-1C0EFD32CE46"
          },
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.7.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A49C1A8-8A3F-4C05-86ED-42B7DED2A719"
          },
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.7.21:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6CC0DABE-12A0-4832-B177-7146F086ECE3"
          },
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.7.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F127A321-5212-471A-A132-4526260E6C1D"
          },
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.7.23:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "044A1B33-23A1-40C0-99A2-819702B177DE"
          },
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.7.24:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E19116C2-EB1C-403A-9965-3113935317CE"
          },
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.7.25:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E279B8F-9545-4B17-94CE-74C8D79AAEF9"
          },
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.7.26:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9C7B4E2-CC33-4D47-AF3C-74022E784D2E"
          },
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.7.27:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A346A2F6-B834-4DB3-839F-1F5A9A11E1B3"
          },
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.7.28:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB231BE4-64CB-44BE-81EF-7697AB63DAA7"
          },
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.7.29:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4ECD96C-EFE2-449D-AD26-F754CC622978"
          },
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.7.31:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8BE94167-C3B7-4A16-9886-6ADDFB2135FA"
          },
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.7.32:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8CD0846-39D0-4736-9D78-C01FA5ED42B5"
          },
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.7.33:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8567DA10-2EF4-468D-A03E-DF84BEDDA4CB"
          },
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.7.34:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "169F927F-EB92-41A9-8781-BD04C0538793"
          },
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.7.35:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8AA4897-2A28-4198-B86F-283D21607859"
          },
          {
            "criteria": "cpe:2.3:a:cygwin:cygwin:1.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1741D63-6937-4C12-BAA4-06679806E4BA"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References