CVE-2016-4359

CWE-119 — Buffer Overflow4 documents4 sources

Severity

9.8CRITICAL

EPSS

27.9%

top 3.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Loadrunner HP Performance Center

Timeline

PublishedJun 8

Latest updateMay 17

Description

Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allows remote attackers to execute arbitrary code via a long -server_name value, aka ZDI-CAN-3516.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDhp/performance_center5 versions+4

▶NVDhp/loadrunner5 versions+4

🔴Vulnerability Details

GHSA

GHSA-3mxj-4pp4-c6m4: Stack-based buffer overflow in mchan↗2022-05-17

▶

CVEList

CVE-2016-4359: Stack-based buffer overflow in mchan↗2016-06-08

▶

💥Exploits & PoCs

Exploit-DB

SkilMatch Systems JobLister3 - 'index.php' SQL Injection↗2007-07-13

▶