Home > Vulnerability Database > CVE-2015-10088

Mend.io Vulnerability Database

CVE-2015-10088

Date: March 5, 2023

A vulnerability, which was classified as critical, was found in ayttm up to 0.5.0.89. This affects the function http_connect in the library libproxy/proxy.c. The manipulation leads to format string. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 40e04680018614a7d2b68566b261b061a0597046. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222267.

Language: C

Severity Score

5.0

Related Resources (7)

Url: https://sourceforge.net/p/ayttm/mailman/message/34397158/

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-10088

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2015-10088

Url: https://vuldb.com/?id.222267

Url: https://vuldb.com/?ctiid.222267

Url: https://github.com/ayttm/ayttm/commit/40e04680018614a7d2b68566b261b061a0597046

Url: https://www.mend.io/vulnerability-database/CVE-2015-10088

Severity Score

5.0

Weakness Type (CWE)

Format String Vulnerability

CWE-134

CVSS v3.1

Base Score:	5.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	4.6
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2015-10088

Date: March 5, 2023

Language: C

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?