Vulnerability Description
Binaries compiled against targets that use the libssp library in GCC for stack smashing protection (SSP) might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature.
CVSS Score
7.8
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Libssp | - |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2016/08/17/6Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/92530Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=1324759Issue TrackingThird Party Advisory
- http://www.openwall.com/lists/oss-security/2016/08/17/6Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/92530Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=1324759Issue TrackingThird Party Advisory
FAQ
What is CVE-2016-4973?
CVE-2016-4973 is a vulnerability with a CVSS score of 7.8 (HIGH). Binaries compiled against targets that use the libssp library in GCC for stack smashing protection (SSP) might allow local users to perform buffer overflow attacks by leveraging lack of the Object Siz...
How severe is CVE-2016-4973?
CVE-2016-4973 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-4973?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Libssp.