CVE-2016-9427
Published: 11 December 2016
An integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause a denial of service (heap buffer overflow crash) in clients of bdwgc, and possibly to execute arbitrary code, via a huge allocation.
Priority
Status
Package | Release | Status |
---|---|---|
libgc (Launchpad, Ubuntu, Debian) | precise | Released (1:7.1-8ubuntu0.12.04.3) |
libgc | trusty | Released (1:7.2d-5ubuntu2.1) |
libgc | upstream | Needs triage |
libgc | xenial | Released (1:7.4.2-7.3ubuntu0.1) |
libgc | yakkety | Released (1:7.4.2-8ubuntu0.1) |

Patches:
upstream: https://github.com/ivmai/bdwgc/commit/0b6818708f7644db5c7bd0cc80e7adaa5a889257
upstream: https://github.com/ivmai/bdwgc/commit/1f3c938e5482e3770df2163ab03ed760fd12155a
upstream: https://github.com/ivmai/bdwgc/commit/41a9ed4cc88c0ed92403e1bd720c68d26c632352
upstream: https://github.com/ivmai/bdwgc/commit/e273661227b4684265c09e04f75db81f7c5e697e
upstream: https://github.com/ivmai/bdwgc/commit/2ea6d85adc5fe07d7e9c5d35f2e5886857338681
upstream: https://github.com/ivmai/bdwgc/commit/949a7533d47e0ce0976e2d7aa3daa3bf9f31cabd
upstream: https://github.com/ivmai/bdwgc/commit/a230ee8b21111b88749a97e6801048db1859a0fc
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |