CVE-2016-2090Improper Restriction of Operations within the Bounds of a Memory Buffer in Libbsd

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer11 documents6 sources
Severity
9.8CRITICALNVD
EPSS
1.7%
top 17.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Freedesktop LibbsdDebian LibbsdCanonical Ubuntu Linux+2 more
Timeline
PublishedJan 13
Latest updateMay 13

Description

Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

debiandebian/libbsd< libbsd 0.8.2-1 (bookworm)
NVDfreedesktop/libbsd< 0.8.2
Debianfreedesktop/libbsd< 0.8.2-1+3
Ubuntufreedesktop/libbsd< 0.8.2-1ubuntu0.1+2

Also affects: Debian Linux 8.0, Fedora 24, 25, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 19.04

Patches

Patch: cgit.freedesktop.orgPatch: cgit.freedesktop.org

🔴Vulnerability Details

3
GHSA
GHSA-q44v-89pv-h73p: Off-by-one vulnerability in the fgetwln function in libbsd before 02022-05-13
OSV
libbsd vulnerabilities2020-01-20
OSV
CVE-2016-2090: Off-by-one vulnerability in the fgetwln function in libbsd before 02017-01-13

📋Vendor Advisories

2
Ubuntu
libbsd vulnerabilities2020-01-20
Debian
CVE-2016-2090: libbsd - Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows a...2016

💬Community

5
Bugzilla
CVE-2016-2090 libbsd: heap buffer overflow in fgetwln function [epel-5]2016-01-28
Bugzilla
CVE-2016-2090 libbsd: heap buffer overflow in fgetwln function [epel-6]2016-01-28
Bugzilla
CVE-2016-2090 libbsd: heap buffer overflow in fgetwln function [fedora-all]2016-01-28
Bugzilla
CVE-2016-2090 libbsd: heap buffer overflow in fgetwln function2016-01-28
Bugzilla
CVE-2016-2090 libbsd: heap buffer overflow in fgetwln function [epel-7]2016-01-28