LiveActive security incident?Get immediate response
CVE Record

CVE-2015-10065: AenBleidd FiND my_validator.cpp init_result buffer overflow

A vulnerability classified as critical was found in AenBleidd FiND. This vulnerability affects the function init_result of the file validator/my_validator.cpp. The manipulation leads to buffer overflow. The patch is identified as ee2eef34a83644f286c9adcaf30437f92e9c48f1. It is recommended to apply a patch to fix this issue. VDB-218458 is the identifier assigned to this vulnerability.

MediumCVSS 5.5Not KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-2015-10065 is a buffer overflow in AenBleidd FiND. The public record says a patch exists, but affected versions are not specified. Business urgency depends on whether FiND is used internally; absent confirmed deployment or exploitation, this is a targeted remediation item rather than an enterprise-wide emergency.

Executive priority

Treat as moderate priority unless FiND is exposed to untrusted adjacent users or processes. Confirm whether the product exists in the environment first, then patch or isolate affected deployments.

Technical view

The flaw affects init_result in validator/my_validator.cpp and is classified as CWE-120 buffer overflow. CVSS 3.1 is 5.5 with adjacent attack vector, low attack complexity, low privileges required, no user interaction, and low confidentiality, integrity, and availability impact. The named fix is commit ee2eef34a83644f286c9adcaf30437f92e9c48f1.

Likely exposure

Exposure appears limited to organizations using or embedding AenBleidd FiND. The sources list versions as n/a and provide no CPEs, so asset owners must confirm presence directly in code, builds, or deployments.

Exploitation context

The provided bundle does not show CISA KEV listing or active exploitation. VulDB classifies the issue and references permissions required, but the supplied evidence does not establish real-world attacks or public weaponization.

Researcher notes

Key uncertainty is version scope: the record names AenBleidd FiND and a patched function but lists versions as n/a. Analysis should focus on code lineage, patch presence, and whether init_result processes attacker-controlled data in local deployments.

Mitigation direction

  • Identify whether AenBleidd FiND is present in source, builds, or deployed assets.
  • Apply the upstream patch commit or an official fixed release when available.
  • Restrict access to FiND interfaces to trusted users and networks.
  • Monitor vendor or repository guidance for affected-version clarification.
  • Prioritize remediation where FiND handles untrusted input.

Validation and detection

  • Search software inventories and repositories for AenBleidd FiND usage.
  • Verify deployed code includes commit ee2eef34a83644f286c9adcaf30437f92e9c48f1 or later.
  • Confirm access controls match the adjacent, low-privilege attack assumptions.
  • Review change history for local forks of validator/my_validator.cpp.
  • Run applicable unit or regression tests after patching.
Prepared
Confidence
medium
Sources
5

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · low confidence lookup

CWE-120: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2015-10065 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Medium
CVSS
5.5 (3.1)
Known Exploited
No
Published

Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
0Timeline events
0ADP providers
4Source links

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
5.5CVSS 3.1MediumCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L2.13.4Primary CVE score

Vulnerability scoring details

Base CVSS 3.1 score

5.5Medium
CVSS 3.1 vector shape for CVE-2015-10065Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
AenBleiddFiNDn/aListed
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.

CWE-120 · source CWE mapping

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.