CVE-2016-3630

Published: 13/04/2016 Updated: 21/06/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The binary delta decoder in Mercurial prior to 3.7.3 allows remote malicious users to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.

Vulnerable Product

fedoraproject fedora 22

fedoraproject fedora 23

opensuse leap 42.1

mercurial mercurial

debian debian linux 8.0

debian debian linux 7.0

suse linux enterprise software development kit 12

suse linux enterprise software development kit 11

suse linux enterprise debuginfo 11

opensuse opensuse 13.2

Vendor Advisories

Debian Bug report logs - #819504 mercurial: CVE-2016-3068 CVE-2016-3069 CVE-2016-3630 Package: src:mercurial; Maintainer for src:mercurial is Python Applications Packaging Team <python-apps-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 29 Mar 2016 19:36:02 UTC Severit ...
Several vulnerabilities have been discovered in Mercurial, a distributed version control system. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2016-3068 Blake Burkhart discovered that Mercurial allows URLs for Git subrepositories that could result in arbitrary code execution on clone. CVE-2016-30 ...
It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository with a specially crafted URL could cause Mercurial to execute arbitrary code (CVE-2016-3068). The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clon ...
The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records ...