CVE-2016-6559
The BSD libc library's link_ntoa() function may be vulnerable to a classic buffer overflow
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by FreeBSD developers, it is very unlikely that applications exist that utilize link_ntoa() in an exploitable manner, and the CERT/CC is not aware of any proof of concept. A blog post describes the functionality of link_ntoa() and points out that none of the base utilities use this function in an exploitable manner. For more information, please see FreeBSD Security Advisory SA-16:37.
La comprobación de límites indebida en la variable obuf en la función link_ntoa() en linkaddr.c en la librería BSD libc podría permitir que un atacante lea o escriba desde la memoria. El impacto y severidad totales depende del método de explotación y de cómo las aplicaciones emplean la librería. Según el análisis de los desarrolladores de FreeBSD, es muy improbable que existan aplicaciones que empleen link_ntoa() de forma explotable; el CERT/CC no conoce la existencia de alguna prueba de concepto. Una publicación en un blog describe las funcionalidades de link_ntoa() y señala que ninguna de las utilidades base emplea esta función de forma explotable. El Security Advisory SA-16:37 de FreeBSD contiene más información.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-08-03 CVE Reserved
- 2018-07-13 CVE Published
- 2024-04-27 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://www.securitytracker.com/id/1037398 | Third Party Advisory | |
https://www.kb.cert.org/vuls/id/548487 | Third Party Advisory | |
https://www.securityfocus.com/bid/94694 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:37.libc.asc | 2019-10-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 9.3 Search vendor "Freebsd" for product "Freebsd" and version "9.3" | - |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 10.1 Search vendor "Freebsd" for product "Freebsd" and version "10.1" | - |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 10.2 Search vendor "Freebsd" for product "Freebsd" and version "10.2" | - |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 10.3 Search vendor "Freebsd" for product "Freebsd" and version "10.3" | - |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 11.0 Search vendor "Freebsd" for product "Freebsd" and version "11.0" | - |
Affected
|