CVE-2016-1024

CWE-787 — Out-of-bounds Write CWE-119 — Buffer Overflow CWE-338 CWE-190 — Integer Overflow CWE-327 — Broken Cryptographic Algorithm30 documents10 sources

Severity

8.8HIGH

EPSS

4.1%

top 11.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe AIR Desktop Runtime Adobe AIR SDK Adobe AIR SDK \& Compiler +2 more

Timeline

PublishedApr 9

Latest updateMay 17

Description

Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

▶NVDadobe/flash_player11.2.202.577+2

▶NVDadobe/flash_player_desktop_runtime21.0.0.197

▶Ubuntuflashplugin-nonfree< 11.2.202.616ubuntu0.14.04.1

▶NVDadobe/air_sdk21.0.0.176

▶NVDadobe/air_desktop_runtime21.0.0.176

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-28v2-8gqw-gmq2: Adobe Flash Player before 18↗2022-05-17

▶

GHSA

In Bouncy Castle JCE Provider the DSA key pair generator generates a weak private key if used with default values↗2018-10-17

▶

OSV

CVE-2016-1024: Adobe Flash Player before 18↗2016-04-09

▶

CVEList

CVE-2016-1024: Adobe Flash Player before 18↗2016-04-09

▶

OSV

libssh vulnerabilities↗2016-02-23

▶

💥Exploits & PoCs

Exploit-DB

Mozilla Firefox < 50.1.0 - Use-After-Free↗2017-01-13

▶

Exploit-DB

Apple OS X/iOS Kernel - IOSurface Use-After-Free↗2016-10-31

▶

Exploit-DB

CesarFTP 0.99g - XCWD Denial of Service↗2016-01-19

▶

📋Vendor Advisories

Red Hat

bouncycastle: DSA key pair generator generates a weak private key by default↗2018-06-07

▶

Red Hat

openssl: rsaz_1024_mul_avx2 overflow bug on x86_64↗2017-12-07

▶

Red Hat

flash-plugin: multiple code execution issues fixed in APSB16-10↗2016-04-07

▶

Red Hat

flash-plugin: multiple code execution issues fixed in APSB16-10↗2016-04-07

▶

Red Hat

flash-plugin: multiple code execution issues fixed in APSB16-10↗2016-04-07

▶

💬Community

Bugzilla

CVE-2016-1000343 bouncycastle: DSA key pair generator generates a weak private key by default↗2018-06-07

▶

Bugzilla

CVE-2016-5017 zookeeper: Buffer overflow vulnerability in C cli shell↗2016-09-19

▶

HackerOne

EBCDIC overread (CVE-2016-2176)↗2016-05-03

▶

Bugzilla

CVE-2016-2176 openssl: EBCDIC overread in X509_NAME_oneline()↗2016-04-28

▶

Bugzilla

CVE-2016-3189 bzip2: heap use after free in bzip2recover↗2016-03-21

▶