Vulnerability Details CVE-2015-4675
Buffer overflow in the Tiny SRP library (aka TinySRP) allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted size value for the username field.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.026
EPSS Ranking 85.1%
CVSS Severity
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/132196/TinySRP-Buffer-Overflow.html
- http://seclists.org/fulldisclosure/2015/Jun/21
- http://www.securityfocus.com/bid/75365
- http://packetstormsecurity.com/files/132196/TinySRP-Buffer-Overflow.html
- http://seclists.org/fulldisclosure/2015/Jun/21
- http://www.securityfocus.com/bid/75365
Products affected by CVE-2015-4675
-
cpe:2.3:a:tinysrp_project:tinysrp:0.7.5