CVE-2016-4456

Severity

7.5HIGH

EPSS

0.2%

top 52.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedAug 8

Latest updateMay 13

Description

The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

▶Debiangnutls28< 3.4.13-1+3

▶NVDgnu/gnutls3.4.12

GHSA

GHSA-f425-wv72-9hrq: The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3↗2022-05-13

▶

CVEList

CVE-2016-4456: The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3↗2017-08-08

▶

OSV

CVE-2016-4456: The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3↗2017-08-08

▶

Red Hat

gnutls: Environment variable GNUTLS_KEYLOGFILE is obtained via insecure getenv()↗2016-06-06

▶

Debian

CVE-2016-4456: gnutls28 - The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote atta...↗2016

▶

Bugzilla

CVE-2016-4456 gnutls: various flaws [fedora-23]↗2016-06-07

▶

Bugzilla

CVE-2016-4456 gnutls: Environment variable GNUTLS_KEYLOGFILE is obtained via insecure getenv()↗2016-06-07

▶