CVE-2017-0553

Public on 2017-04-07

Modified on 2017-08-31

Description

An integer overflow leading to a heap-buffer overflow was found in the libnl library. An attacker could use this flaw to cause an application compiled with libnl to crash or possibly execute arbitrary code in the context of the user running such an application.

Severity

Medium

See what this means

CVSS v3 Base Score

7.0

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	libnl3	2017-08-30 23:38	ALAS-2017-876

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	7.0	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
NVD	CVSSv2	7.6	AV:N/AC:H/Au:N/C:C/I:C/A:C
NVD	CVSSv3	7.0	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References

Red Hat: CVE-2017-0553 Mitre: CVE-2017-0553 FAQs regarding Amazon Linux ALAS/CVE Severity