Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.4
CVSSv2

CVE-2016-6254

Published: 19/08/2016 Updated: 07/11/2023
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
Subscribe to Debian

Vulnerability Summary

Heap-based buffer overflow in the parse_packet function in network.c in collectd prior to 5.4.3 and 5.x prior to 5.5.2 allows remote malicious users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

debian debian linux 8.0

collectd collectd

fedoraproject fedora 24

fedoraproject fedora 23

Vendor Advisories

Debian CVElist Bug Report Logs: Heap overflow in the network plugin (CVE-2016-6254)
Debian Bug report logs - #832507 Heap overflow in the network plugin (CVE-2016-6254) Package: collectd; Maintainer for collectd is Sebastian Harl <tokkee@debianorg>; Source for collectd is src:collectd (PTS, buildd, popcon) Reported by: Florian Forster <octo@collectdorg> Date: Tue, 26 Jul 2016 08:51:02 UTC Severit ...
Debian Security Advisories: DSA-3636-1 collectd -- security update
Emilien Gaspar discovered that collectd, a statistics collection and monitoring daemon, incorrectly processed incoming network packets This resulted in a heap overflow, allowing a remote attacker to either cause a DoS via application crash, or potentially execute arbitrary code Additionally, security researchers at Columbia University and the Uni ...
Amazon Linux AMI: ALAS-2016-739
A heap-based buffer overflow in the parse_packet function in networkc in collectd allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet ...

References

CWE-119https://github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888dfc18http://www.debian.org/security/2016/dsa-3636http://collectd.org/news.shtmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UIZ5UXDOB7BA5NGE2F2I2BL4K6763DHW/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CM4W5SJ4OTBGINGIN4NJLXCUZAZANO6J/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832507https://nvd.nist.govhttps://www.debian.org/security/./dsa-3636
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook