CVE-2015-8659 - OpenCVE

The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Iphone Os Watchos Tvos Mac Os X
Nghttp2	Nghttp2

Configuration 1 [-]

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:nghttp2:nghttp2::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

References

Link	Resource
http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175085.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175423.html
http://www.openwall.com/lists/oss-security/2015/12/23/10
http://www.openwall.com/lists/oss-security/2015/12/23/6
http://www.securitytracker.com/id/1035353
https://nghttp2.org/blog/2015/12/23/nghttp2-v1-6-0/	Patch Vendor Advisory
https://security.gentoo.org/glsa/201612-06
https://support.apple.com/HT206166	Vendor Advisory
https://support.apple.com/HT206167	Vendor Advisory
https://support.apple.com/HT206168	Vendor Advisory
https://support.apple.com/HT206169	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-01-12T19:00:00

Updated: 2017-06-30T16:57:01

Reserved: 2015-12-23T00:00:00

Link: CVE-2015-8659

JSON object: View

NVD Information

Status : Modified

Published: 2016-01-12T19:59:13.223

Modified: 2019-03-08T16:06:36.980

Link: CVE-2015-8659

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-12-23T00:00:00", "descriptions": [{"lang": "en", "value": "The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "APPLE-SA-2016-03-21-5", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"}, {"name": "GLSA-201612-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201612-06"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT206167"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT206168"}, {"name": "[oss-security] 20151223 Re: Use after free in nghttp2", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/12/23/10"}, {"name": "1035353", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1035353"}, {"name": "[oss-security] 20151223 Use after free in nghttp2", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/12/23/6"}, {"name": "APPLE-SA-2016-03-21-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"}, {"name": "FEDORA-2016-54f85ec6e8", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175085.html"}, {"name": "APPLE-SA-2016-03-21-2", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://nghttp2.org/blog/2015/12/23/nghttp2-v1-6-0/"}, {"name": "FEDORA-2016-8e13ac5754", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175423.html"}, {"name": "APPLE-SA-2016-03-21-3", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT206169"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT206166"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8659", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "APPLE-SA-2016-03-21-5", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"}, {"name": "GLSA-201612-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201612-06"}, {"name": "https://support.apple.com/HT206167", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206167"}, {"name": "https://support.apple.com/HT206168", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206168"}, {"name": "[oss-security] 20151223 Re: Use after free in nghttp2", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/12/23/10"}, {"name": "1035353", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035353"}, {"name": "[oss-security] 20151223 Use after free in nghttp2", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/12/23/6"}, {"name": "APPLE-SA-2016-03-21-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"}, {"name": "FEDORA-2016-54f85ec6e8", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175085.html"}, {"name": "APPLE-SA-2016-03-21-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"}, {"name": "https://nghttp2.org/blog/2015/12/23/nghttp2-v1-6-0/", "refsource": "CONFIRM", "url": "https://nghttp2.org/blog/2015/12/23/nghttp2-v1-6-0/"}, {"name": "FEDORA-2016-8e13ac5754", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175423.html"}, {"name": "APPLE-SA-2016-03-21-3", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"}, {"name": "https://support.apple.com/HT206169", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206169"}, {"name": "https://support.apple.com/HT206166", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206166"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8659", "datePublished": "2016-01-12T19:00:00", "dateReserved": "2015-12-23T00:00:00", "dateUpdated": "2017-06-30T16:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3C6DA6A-9C87-4B7B-A52D-A66276B5DE82", "versionEndIncluding": "10.11.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*", "matchCriteriaId": "59431EFB-2ABD-459B-9080-BF26FFC6F41B", "versionEndIncluding": "1.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "080450EA-85C1-454D-98F9-5286D69CF237", "versionEndIncluding": "9.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7CF16CB-120B-4FC0-B7A2-2FCD3324EA8A", "versionEndIncluding": "9.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FBF14807-BA21-480B-9ED0-A6D53352E87F", "versionEndIncluding": "2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug."}, {"lang": "es", "value": "El manejo de flujo de datos en reposo en nghttp2 en versiones anteriores a 1.6.0 permite atacantes tener un impacto no especificado a trav\u00e9s de vectores desconocidos, tambi\u00e9n conocido como error de uso despu\u00e9s de liberaci\u00f3n de memoria din\u00e1mica."}], "id": "CVE-2015-8659", "lastModified": "2019-03-08T16:06:36.980", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-01-12T19:59:13.223", "references": [{"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"}, {"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"}, {"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"}, {"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175085.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175423.html"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/12/23/10"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/12/23/6"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1035353"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://nghttp2.org/blog/2015/12/23/nghttp2-v1-6-0/"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201612-06"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT206166"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT206167"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT206168"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT206169"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}