CVE-2016-4478 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Atheme-services

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

7.5HIGHNVD

EPSS

1.5%

top 18.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Atheme-services Atheme Debian Linux +2 more

Timeline

PublishedJun 13

Latest updateMay 14

Description

Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/atheme-services< atheme-services 7.0.7-2 (bookworm)

▶NVDatheme/atheme7.2.6

▶NVDopensuse/leap42.1

▶NVDopensuse/opensuse13.2

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-f9c4-56cj-69qg: Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib↗2022-05-14

▶

OSV

CVE-2016-4478: Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib↗2016-06-13

▶

📋Vendor Advisories

Debian

CVE-2016-4478: atheme-services - Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/x...↗2016

▶