Overview
Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.
References
- CVE Details
- Debian Security Tracker
- Fedora Security Update
- Fedora Security Update
- Gentoo Security Advisory
- MLIST
- OSS security Advisory
- UBUNTU
- Ubuntu CVE Tracker
- https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-libbsd.html
- https://bugs.freedesktop.org/show_bug.cgi?id=93881
- https://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7
CVSS Score
9.8
high severity
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
- CVE: CVE-2016-2090
- CWE: CWE-119
- Snyk ID: SNYK-DEBIAN8-LIBBSD-371223
- Disclosed: 13 Jan, 2017
- Published: 13 Jan, 2017