Vulnerability Details CVE-2015-0885
checkpw 1.02 and earlier allows remote attackers to cause a denial of service (infinite loop) via a -- (dash dash) in a username.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.5%
CVSS Severity
CVSS v2 Score 5.0
References
- http://checkpw.sourceforge.net/checkpw/changes.txt
- http://jvn.jp/en/jp/JVN34790526/995575/index.html
- http://jvn.jp/en/jp/JVN34790526/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2015-000032
- http://www.debian.org/security/2015/dsa-3192
- http://checkpw.sourceforge.net/checkpw/changes.txt
- http://jvn.jp/en/jp/JVN34790526/995575/index.html
- http://jvn.jp/en/jp/JVN34790526/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2015-000032
- http://www.debian.org/security/2015/dsa-3192
Products affected by CVE-2015-0885
-
cpe:2.3:a:checkpw_project:checkpw:1.02
-
cpe:2.3:o:debian:debian_linux:7.0