ALT-PU-2019-1297-1
Closed vulnerabilities
Published: 2017-01-13
Modified: 2024-11-21
CVE-2016-2090
Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- [oss-security] 20160128 Re: Heap buffer overflow in fgetwln function of libbsd
- https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-libbsd.html
- https://bugs.freedesktop.org/show_bug.cgi?id=93881
- https://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7
- [debian-lts-announce] 20191230 [SECURITY] [DLA 2052-1] libbsd security update
- FEDORA-2016-d3e562bb52
- FEDORA-2016-5c3d057783
- GLSA-201607-13
- USN-4243-1