CVE-2016-4359
Summary
| CVE | CVE-2016-4359 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-06-08 14:59:37 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allows remote attackers to execute arbitrary code via a long -server_name value, aka ZDI-CAN-3516. |
Risk And Classification
Primary CVSS: v3.0 9.8 CRITICAL from [email protected]
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Problem Types: CWE-119 | n/a
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.0 | [email protected] | Primary | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 2.0 | [email protected] | Primary | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
CVSS v3.0 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:L/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Hp | Loadrunner | 11.52 | p3 | All | All |
| Application | Hp | Loadrunner | 12.00 | p1 | All | All |
| Application | Hp | Loadrunner | 12.01 | p3 | All | All |
| Application | Hp | Loadrunner | 12.02 | p2 | All | All |
| Application | Hp | Loadrunner | 12.50 | p1 | All | All |
| Application | Hp | Performance Center | 11.52 | p3 | All | All |
| Application | Hp | Performance Center | 12.00 | p1 | All | All |
| Application | Hp | Performance Center | 12.01 | p3 | All | All |
| Application | Hp | Performance Center | 12.20 | p2 | All | All |
| Application | Hp | Performance Center | 12.50 | p1 | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [R2] HP LoadRunner mchan.dll Shared Memory Object Name Construction Remote Stack Buffer Overflow - Research Advisory | Tenable® | af854a3a-2127-422b-91ae-364da2661108 | www.tenable.com | |
| HPE LoadRunner Unspecified Flaws Let Remote Users Deny Service and Execute Arbitrary Code - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Multiple HP Products Multiple Remote Code Execution and Denial of Service Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| HPE Support document - HPE Support Center | af854a3a-2127-422b-91ae-364da2661108 | h20566.www2.hpe.com | Vendor Advisory |
| Zero Day Initiative | af854a3a-2127-422b-91ae-364da2661108 | www.zerodayinitiative.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.