7.5

CVE-2015-3406

The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version14.10
CanonicalUbuntu Linux Version15.04
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.29% 0.809
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:N/I:P/A:P
CWE-681 Incorrect Conversion between Numeric Types

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

http://ubuntu.com/usn/usn-2607-1
Patch
Third Party Advisory
Release Notes
http://www.openwall.com/lists/oss-security/2015/04/07/1
Patch
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2015/04/23/17
Patch
Third Party Advisory
Mailing List
https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
Patch
Third Party Advisory
https://metacpan.org/changes/distribution/Module-Signature
Vendor Advisory
Release Notes