CVE-2016-3630

CWE-19 CWE-119 — Buffer Overflow9 documents7 sources

Severity

8.8HIGH

EPSS

5.2%

top 10.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mercurial Mercurial Debian Debian Linux Fedoraproject Fedora +4 more

Timeline

PublishedApr 13

Latest updateMay 14

Description

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages7 packages

▶PyPImercurial< 3.7.3

▶Debianmercurial< 3.7.3-1+3

▶NVDmercurial/mercurial3.7.2

▶NVDopensuse/leap42.1

▶NVDopensuse/opensuse13.2

Also affects: Debian Linux 7.0, 8.0, Fedora 22, 23

🔴Vulnerability Details

OSV

Mercurial arbitrary code execution vulnerability↗2022-05-14

▶

GHSA

Mercurial arbitrary code execution vulnerability↗2022-05-14

▶

OSV

CVE-2016-3630: The binary delta decoder in Mercurial before 3↗2016-04-13

▶

CVEList

CVE-2016-3630: The binary delta decoder in Mercurial before 3↗2016-04-13

▶

📋Vendor Advisories

Red Hat

mercurial: remote code execution in binary delta decoding↗2016-03-29

▶

Debian

CVE-2016-3630: mercurial - The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to ex...↗2016

▶

💬Community

Bugzilla

CVE-2016-3630 mercurial: remote code execution in binary delta decoding↗2016-03-30

▶

Bugzilla

CVE-2016-3630 CVE-2016-3068 CVE-2016-3069 mercurial: various flaws [fedora-all]↗2016-03-30

▶