CVE-2016-15024 - OpenCVE

A vulnerability was found in doomsider shadow. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be difficult. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 3332c5ba9ec3014ddc74e2147190a050eee97bc0. It is recommended to apply a patch to fix this issue. VDB-221478 is the identifier assigned to this vulnerability.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity High

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:H/Au:S/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Doomsider Shadow Project	Doomsider Shadow

Configuration 1 [-]

cpe:2.3:a:doomsider_shadow_project:doomsider_shadow:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/doomsider/shadow/commit/3332c5ba9ec3014ddc74e2147190a050eee97bc0	Patch
https://vuldb.com/?ctiid.221478	Permissions Required Third Party Advisory
https://vuldb.com/?id.221478	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: VulDB

Published: 2023-02-19T18:00:05.404Z

Updated: 2023-10-20T10:12:07.576Z

Reserved: 2023-02-18T12:06:47.770Z

Link: CVE-2016-15024

JSON object: View

NVD Information

Status : Modified

Published: 2023-02-19T18:15:10.067

Modified: 2024-05-17T01:08:10.180

Link: CVE-2016-15024

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2016-15024", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-02-18T12:06:47.770Z", "datePublished": "2023-02-19T18:00:05.404Z", "dateUpdated": "2023-10-20T10:12:07.576Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-20T10:12:07.576Z"}, "title": "doomsider shadow denial of service", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "CWE-404 Denial of Service"}]}], "affected": [{"vendor": "doomsider", "product": "shadow", "versions": [{"version": "n/a", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in doomsider shadow. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be difficult. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 3332c5ba9ec3014ddc74e2147190a050eee97bc0. It is recommended to apply a patch to fix this issue. VDB-221478 is the identifier assigned to this vulnerability."}, {"lang": "de", "value": "Es wurde eine problematische Schwachstelle in doomsider shadow ausgemacht. Dabei betrifft es einen unbekannter Codeteil. Durch Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden. Der Patch wird als 3332c5ba9ec3014ddc74e2147190a050eee97bc0 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 2.5, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 2.5, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1, "vectorString": "AV:L/AC:H/Au:S/C:N/I:N/A:P"}}], "timeline": [{"time": "2023-02-18T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-02-18T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-02-18T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-03-23T08:50:01.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "VulDB GitHub Commit Analyzer", "type": "tool"}], "references": [{"url": "https://vuldb.com/?id.221478", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.221478", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/doomsider/shadow/commit/3332c5ba9ec3014ddc74e2147190a050eee97bc0", "tags": ["patch"]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:doomsider_shadow_project:doomsider_shadow:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F68D9C5-41D9-415F-B181-8C334017F11A", "versionEndExcluding": "2016-06-09", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in doomsider shadow. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be difficult. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 3332c5ba9ec3014ddc74e2147190a050eee97bc0. It is recommended to apply a patch to fix this issue. VDB-221478 is the identifier assigned to this vulnerability."}], "id": "CVE-2016-15024", "lastModified": "2024-05-17T01:08:10.180", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:H/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 1.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2023-02-19T18:15:10.067", "references": [{"source": "cna@vuldb.com", "tags": ["Patch"], "url": "https://github.com/doomsider/shadow/commit/3332c5ba9ec3014ddc74e2147190a050eee97bc0"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.221478"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.221478"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-404"}], "source": "cna@vuldb.com", "type": "Secondary"}]}