Candidate: CVE-2016-6264
PublicDate: 2017-01-27 22:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6264
 http://repo.or.cz/uclibc-ng.git/commit/e3848e3dd64a8d6437531488fe341354bc02eaed
 http://mailman.uclibc-ng.org/pipermail/devel/2016-July/001067.html
Description:
 Integer signedness error in libc/string/arm/memset.S in uClibc and
 uClibc-ng before 1.0.16 allows context-dependent attackers to cause a
 denial of service (crash) via a negative length value to the memset
 function.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=811275
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_uclibc-ng:
 upstream: http://repo.or.cz/uclibc-ng.git/commit/e3848e3dd64a8d6437531488fe341354bc02eaed
upstream_uclibc-ng: needs-triage
precise_uclibc-ng: DNE
trusty_uclibc-ng: DNE
trusty/esm_uclibc-ng: DNE
vivid/stable-phone-overlay_uclibc-ng: DNE
vivid/ubuntu-core_uclibc-ng: DNE
wily_uclibc-ng: DNE
xenial_uclibc-ng: DNE
devel_uclibc-ng: DNE

Patches_uclibc:
upstream_uclibc: needs-triage
precise_uclibc: DNE
trusty_uclibc: DNE
trusty/esm_uclibc: DNE
vivid/stable-phone-overlay_uclibc: DNE
vivid/ubuntu-core_uclibc: DNE
wily_uclibc: DNE
xenial_uclibc: DNE
devel_uclibc: DNE