CVE-2016-4456

Опубликовано: 08 авг. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem.

Ссылки

http://www.openwall.com/lists/oss-security/2016/06/07/6
Mailing List
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1343505
Issue Tracking
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/06/07/6
Mailing List
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1343505
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gnu:gnutls:3.4.12:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.00246

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2016-4456

CVSS3: 7.5

ubuntu

больше 8 лет назад

The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem.

CVE-2016-4456

CVSS3: 6.3

redhat

больше 9 лет назад

The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem.

CVE-2016-4456

CVSS3: 7.5

debian

больше 8 лет назад

The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows r ...

GHSA-f425-wv72-9hrq

CVSS3: 7.5

github

больше 3 лет назад

The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem.

EPSS

Процентиль: 48%

0.00246

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20