GNU C Vulnerabilities: CVE-2015-8983; CVE-2015-8984; CVE-2015-8985

Document ID : KB000014254
Last Modified Date : 14/02/2018
Introduction:

CVE-2015-8983
Severity: 8.1 (High)
Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.


CVE-2015-8984
Severity: 5.9 (Medium)
The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.


CVE-2015-8985
Severity: 5.9 (Medium)
The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.

Question:

Is Spectrum affected by the GNU C vulnerabilities CVE-2015-8983, CVE-2015-8984, and CVE-2015-8985?

Environment:
Windows platforms
Spectrum 9.4.x; Spectrum 10.x
Answer:

On Windows, Spectrum uses the Visual C++ compiler instead of the GNU C libraries. Therefore, Spectrum is not affected.