CVE-2016-6318 — Out-of-bounds Write in Project Cracklib

CWE-787 — Out-of-bounds Write7 documents6 sources

Severity

7.8HIGHNVD

EPSS

2.4%

top 15.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cracklib Project Cracklib Debian Cracklib2 Debian Linux +1 more

Timeline

PublishedSep 7

Latest updateMay 13

Description

Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/cracklib2< cracklib2 2.9.2-2 (bookworm)

▶NVDcracklib_project/cracklib2.9.0 — 2.9.6

▶NVDopensuse/leap42.1

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-f7mv-c94v-v96r: Stack-based buffer overflow in the FascistGecosUser function in lib/fascist↗2022-05-13

▶

OSV

CVE-2016-6318: Stack-based buffer overflow in the FascistGecosUser function in lib/fascist↗2016-09-07

▶

📋Vendor Advisories

Red Hat

cracklib: Stack-based buffer overflow when parsing large GECOS field↗2016-08-16

▶

Debian

CVE-2016-6318: cracklib2 - Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in...↗2016

▶

💬Community

Bugzilla

CVE-2016-6318 cracklib: Stack-based buffer overflow when parsing large GECOS field [fedora-all]↗2016-08-16

▶

Bugzilla

CVE-2016-6318 cracklib: Stack-based buffer overflow when parsing large GECOS field↗2016-08-08

▶