CVE-2016-6264

Sažetak

Integer signedness error in libc/string/arm/memset.S in uClibc and uClibc-ng before 1.0.16 allows context-dependent attackers to cause a denial of service (crash) via a negative length value to the memset function.

Reference

http://www.openwall.com/lists/oss-security/2016/07/21/6
http://www.openwall.com/lists/oss-security/2016/07/21/2
http://www.openwall.com/lists/oss-security/2016/06/29/3
http://mailman.uclibc-ng.org/pipermail/devel/2016-May/000890.html
http://mailman.uclibc-ng.org/pipermail/devel/2016-July/001067.html
http://www.securityfocus.com/bid/91492

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

19-05-2021 - 15:17

Objavljeno

27-01-2017 - 22:59