CVE-2016-8859

Опубликовано: 13 фев. 2017

Источник: debian

EPSS Низкий

Описание

Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
tre	fixed	0.8.0-5		package
tre	fixed	0.8.0-4+deb8u1	jessie	package
musl	fixed	1.1.15-2		package
musl	fixed	1.1.5-2+deb8u1	jessie	package

Примечания

https://www.openwall.com/lists/oss-security/2016/10/19/1
other issues may still be present in tre after this: https://github.com/laurikari/tre/issues/37
musl patch: http://git.musl-libc.org/cgit/musl/commit/?id=c3edc06d1e1360f3570db9155d6b318ae0d0f0f7, not released yet

EPSS

Процентиль: 73%

0.00766

Низкий

Связанные уязвимости

CVE-2016-8859

CVSS3: 9.8

ubuntu

почти 9 лет назад

Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write.

CVE-2016-8859

CVSS3: 9.8

nvd

почти 9 лет назад

Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write.

openSUSE-SU-2018:0222-1

suse-cvrf

около 8 лет назад

Security update for tre

GHSA-2r68-mjqv-c389

CVSS3: 9.8

github

больше 3 лет назад

Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write.

openSUSE-SU-2020:0554-1

suse-cvrf

почти 6 лет назад

Security update for kubernetes

EPSS

Процентиль: 73%

0.00766

Низкий