Vulnerability Description
Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allows remote attackers to execute arbitrary code via a long -server_name value, aka ZDI-CAN-3516.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hp | Loadrunner | 11.52 |
| Hp | Performance Center | 11.52 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/90975
- http://www.securitytracker.com/id/1036006Third Party AdvisoryVDB Entry
- http://www.zerodayinitiative.com/advisories/ZDI-16-363Third Party AdvisoryVDB Entry
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423Vendor Advisory
- https://www.tenable.com/security/research/tra-2016-16
- http://www.securityfocus.com/bid/90975
- http://www.securitytracker.com/id/1036006Third Party AdvisoryVDB Entry
- http://www.zerodayinitiative.com/advisories/ZDI-16-363Third Party AdvisoryVDB Entry
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157423Vendor Advisory
- https://www.tenable.com/security/research/tra-2016-16
FAQ
What is CVE-2016-4359?
CVE-2016-4359 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Perfor...
How severe is CVE-2016-4359?
CVE-2016-4359 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-4359?
Check the references section above for vendor advisories and patch information. Affected products include: Hp Loadrunner, Hp Performance Center.