CVE-2016-9036

Опубликовано: 23 дек. 2016

Источник: ubuntu

Приоритет: medium

CVSS2: 5

CVSS3: 7.5

Описание

An exploitable incorrect return value vulnerability exists in the mp_check function of Tarantool's Msgpuck library 1.0.3. A specially crafted packet can cause the mp_check function to incorrectly return success when trying to check if decoding a map16 packet will read outside the bounds of a buffer, resulting in a denial of service vulnerability.

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	released	1.0.3-1.1
cosmic	released	1.0.3-1.1
devel	released	1.0.3-1.1
disco	released	1.0.3-1.1
eoan	released	1.0.3-1.1
esm-apps/bionic	released	1.0.3-1.1
esm-apps/focal	released	1.0.3-1.1
esm-apps/jammy	released	1.0.3-1.1
esm-apps/noble	released	1.0.3-1.1

Показывать по

Релиз	Статус	Примечание
artful	not-affected	1.7.2.385.g952d79e-1
bionic	DNE
cosmic	not-affected	1.7.2.385.g952d79e-1
devel	DNE
disco	not-affected	1.7.2.385.g952d79e-1
eoan	not-affected	1.7.2.385.g952d79e-1
esm-apps/focal	not-affected	1.7.2.385.g952d79e-1
esm-apps/jammy	not-affected	1.7.2.385.g952d79e-1
esm-apps/noble	not-affected	1.7.2.385.g952d79e-1
esm-apps/xenial	needed

Показывать по

Ссылки на источники

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

CVE-2016-9036

CVSS3: 7.5

nvd

около 9 лет назад

CVE-2016-9036

CVSS3: 7.5

debian

около 9 лет назад

An exploitable incorrect return value vulnerability exists in the mp_c ...

GHSA-f22q-j7p8-x9pp

CVSS3: 7.5

github

больше 3 лет назад

5 Medium

CVSS2

7.5 High

CVSS3

CVE-2016-9036

Описание

Пакет msgpuck

Пакет tarantool

Ссылки на источники

Связанные уязвимости