Candidate: CVE-2016-8596
PublicDate: 2016-10-28 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8596
 https://github.com/GomSpace/libcsp/pull/80
Description:
 Buffer overflow in the csp_can_process_frame in csp_if_can.c in the
 libcsp library v1.4 and earlier allows hostile components connected to
 the canbus to execute arbitrary code via a long csp packet.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Eyal Itkin
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_libcsp:
upstream_libcsp: needs-triage
precise_libcsp: DNE
precise/esm_libcsp: DNE
trusty_libcsp: DNE
trusty/esm_libcsp: DNE
vivid/stable-phone-overlay_libcsp: DNE
vivid/ubuntu-core_libcsp: DNE
xenial_libcsp: ignored (end of standard support, was needed)
yakkety_libcsp: ignored (reached end-of-life)
zesty_libcsp: ignored (reached end-of-life)
artful_libcsp: ignored (reached end-of-life)
bionic_libcsp: needed
cosmic_libcsp: ignored (reached end-of-life)
disco_libcsp: DNE
eoan_libcsp: DNE
focal_libcsp: DNE
groovy_libcsp: DNE
hirsute_libcsp: DNE
impish_libcsp: DNE
jammy_libcsp: DNE
devel_libcsp: DNE