[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2016-2090Date: (C)2017-01-16   (M)2023-12-22


Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 9.8CVSS Score : 7.5
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 5.9Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: HIGHAvailability: PARTIAL
Integrity: HIGH 
Availability: HIGH 
  
Reference:
FEDORA-2016-5c3d057783
FEDORA-2016-d3e562bb52
GLSA-201607-13
USN-4243-1
https://lists.debian.org/debian-lts-announce/2019/12/msg00036.html
http://www.openwall.com/lists/oss-security/2016/01/28/5
https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-libbsd.html
https://bugs.freedesktop.org/show_bug.cgi?id=93881
https://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7

CPE    6
cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
cpe:/o:fedoraproject:fedora:24
cpe:/a:freedesktop:libbsd
...
CWE    1
CWE-119
OVAL    2
oval:org.secpod.oval:def:111826
oval:org.secpod.oval:def:1800548

© SecPod Technologies