The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2015-2237.html | Third Party Advisory VDB Entry |
http://www.openwall.com/lists/oss-security/2015/03/23/8 | Mailing List Third Party Advisory |
https://bugzilla.gnome.org/show_bug.cgi?id=742644 | Issue Tracking Third Party Advisory VDB Entry |
https://bugzilla.redhat.com/show_bug.cgi?id=1183982 | Issue Tracking Third Party Advisory VDB Entry |
https://bugzilla.redhat.com/show_bug.cgi?id=1199049 | Issue Tracking Patch Third Party Advisory VDB Entry |
https://git.gnome.org/browse/librest/commit/?id=b50ace7738ea03817acdad87fb2b338a86018329 | Patch Third Party Advisory |
Configurations
History
13 Feb 2023, 00:47
Type | Values Removed | Values Added |
---|---|---|
Summary | The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account. | |
References |
|
02 Feb 2023, 20:20
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | It was found that the OAuth implementation in librest, a helper library for RESTful services, incorrectly truncated the pointer returned by the rest_proxy_call_get_url call. An attacker could use this flaw to crash an application using the librest library. |
Information
Published : 2017-08-18 18:29
Updated : 2023-12-10 12:15
NVD link : CVE-2015-2675
Mitre link : CVE-2015-2675
CVE.ORG link : CVE-2015-2675
JSON object : View
Products Affected
gnome
- librest
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer