CVE-2016-5762

CWE-190 — Integer Overflow3 documents3 sources

Severity

9.8CRITICAL

EPSS

8.4%

top 7.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Novell Groupwise

Timeline

PublishedApr 20

Latest updateMay 14

Description

Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDnovell/groupwise2012+1

🔴Vulnerability Details

GHSA

GHSA-8g79-27jh-fr2j: Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitr↗2022-05-14

▶

CVEList

CVE-2016-5762: Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitr↗2017-04-20

▶