CVE-2016-8859: Integer Overflow or Wraparound in Musl

Severity: 9.8 CRITICAL (NVD)
EPSS: 0.8% (top 26.50%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Feb 13
Latest update: May 13

Description

Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

Debian: musl-libc/musl < 1.1.15-2+3
NVD: etalabs/musl 1.1.15

🔴 Vulnerability Details (3)

GHSA
GHSA-2r68-mjqv-c389: Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, w (2022-05-13)
CVEList
CVE-2016-8859: Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, w (2017-02-13)
OSV
CVE-2016-8859: Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, w (2017-02-13)

📋 Vendor Advisories (2)

Ubuntu
musl vulnerabilities (2021-03-15)
Debian
CVE-2016-8859: musl - Multiple integer overflows in the TRE library and musl libc allow attackers to c... (2016)

💬 Community (3)

Bugzilla
CVE-2016-8859 tre: Regex integer overflow in buffer size computations [fedora-all] (2016-10-20)
Bugzilla
CVE-2016-8859 tre: Regex integer overflow in buffer size computations (2016-10-20)
Bugzilla
CVE-2016-8859 tre: Regex integer overflow in buffer size computations [epel-all] (2016-10-20)