Vulnerability Details CVE-2017-15364
The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file. NOTE: This has been disputed and it is argued that this is not present in version 1.1.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.9%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- https://github.com/evan/ccsv/commit/24e0b9b94c44a15b23475e821366239d53764dbd
- https://github.com/evan/ccsv/commit/c59d960ffa6b742a0616a209442618462142e6c1#diff-e39824a4819928ff248d5e90a12d1b311db2923907171cdc0ad7058da12244d9R224
- https://github.com/evan/ccsv/issues/15
- https://github.com/evan/ccsv/issues/15
Products affected by CVE-2017-15364
-
cpe:2.3:a:ccsv_project:ccsv:1.1.0