CVE-2016-10721
Published: 2 May 2018
partclone.restore in Partclone 0.2.87 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to execute arbitrary code in the context of the user running the affected application.
Priority
Status
Package | Release | Status |
---|---|---|
partclone Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(0.3.6-2build1)
|
bionic |
Not vulnerable
|
|
cosmic |
Not vulnerable
|
|
disco |
Not vulnerable
|
|
eoan |
Not vulnerable
|
|
focal |
Not vulnerable
|
|
upstream |
Released
(0.2.88-1)
|
|
impish |
Not vulnerable
|
|
groovy |
Not vulnerable
|
|
jammy |
Not vulnerable
|
|
hirsute |
Not vulnerable
|
|
kinetic |
Not vulnerable
|
|
lunar |
Not vulnerable
|
|
xenial |
Needed
|
|
trusty |
Does not exist
(trusty was needed)
|
|
mantic |
Not vulnerable
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |