ALT-PU-2016-2100-1
Closed vulnerabilities
Published: 2016-08-20
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-6254
Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet.
Severity: CRITICAL (9.1)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
References:
- http://collectd.org/news.shtml
- http://collectd.org/news.shtml
- DSA-3636
- DSA-3636
- https://github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888dfc18
- https://github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888dfc18
- FEDORA-2016-23f0d552e8
- FEDORA-2016-23f0d552e8
- FEDORA-2016-e16a14ffc5
- FEDORA-2016-e16a14ffc5