CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-3406

The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.013

EPSS Ranking 79.0%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 6.4

References

http://ubuntu.com/usn/usn-2607-1
http://www.openwall.com/lists/oss-security/2015/04/07/1
http://www.openwall.com/lists/oss-security/2015/04/23/17
https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
https://metacpan.org/changes/distribution/Module-Signature
http://ubuntu.com/usn/usn-2607-1
http://www.openwall.com/lists/oss-security/2015/04/07/1
http://www.openwall.com/lists/oss-security/2015/04/23/17
https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
https://metacpan.org/changes/distribution/Module-Signature

Products affected by CVE-2015-3406

Module-Signature Project » Module-Signature » Version: 0.73

cpe:2.3:a:module-signature_project:module-signature:0.73
Canonical » Ubuntu Linux » Version: 12.04

cpe:2.3:o:canonical:ubuntu_linux:12.04
Canonical » Ubuntu Linux » Version: 14.04

cpe:2.3:o:canonical:ubuntu_linux:14.04
Canonical » Ubuntu Linux » Version: 14.10

cpe:2.3:o:canonical:ubuntu_linux:14.10
Canonical » Ubuntu Linux » Version: 15.04

cpe:2.3:o:canonical:ubuntu_linux:15.04

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-3406

Products

Pricing

Contact Us