CVE-2016-5408

CWE-119 — Buffer Overflow CWE-122 — Heap-based Buffer Overflow5 documents5 sources

Severity

9.8CRITICAL

EPSS

5.4%

top 9.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

3

Oracle Linux Redhat Enterprise Linux Server Redhat Enterprise Linux Workstation

Timeline

PublishedAug 10

Latest updateMay 13

Description

Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-4051.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_workstation6.0

▶NVDoracle/linux6

Patches

Patch: rhn.redhat.com ↗Patch: rhn.redhat.com ↗

🔴Vulnerability Details

2

GHSA

GHSA-5f9j-8ghm-9gxx: Stack-based buffer overflow in the munge_other_line function in cachemgr↗2022-05-13

▶

CVEList

CVE-2016-5408: Stack-based buffer overflow in the munge_other_line function in cachemgr↗2016-08-10

▶

📋Vendor Advisories

1

Red Hat

squid: Buffer overflow vulnerability in cachemgr.cgi tool↗2016-04-20

▶

💬Community

1

Bugzilla

CVE-2016-5408 squid: Buffer overflow vulnerability in cachemgr.cgi tool↗2016-07-22

▶

CVE-2016-5408 (CRITICAL CVSS 9.8) | Stack-based buffer overflow in the | cvebase.io