Vulnerability Description
Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet.
CVSS Score
9.1 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | 8.0 |
| Collectd | Collectd | >= 5.4.0, < 5.4.3 |
| Fedoraproject | Fedora | 23 |
Related Weaknesses (CWE)
References
- http://collectd.org/news.shtml (Release Notes, Vendor Advisory)
- http://www.debian.org/security/2016/dsa-3636 (Third Party Advisory)
- https://github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888d (Patch, Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2016-6254?
CVE-2016-6254 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet.
How severe is CVE-2016-6254?
CVE-2016-6254 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-6254?
Check the references section above for vendor advisories and patch information, including the upstream fix commit and the Debian and Fedora advisories. Affected products include: Debian Linux (Debian), collectd (Collectd), and Fedora (Fedoraproject).