CVE-2016-4478

Published on: 06/13/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:26:58 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Certain versions of Atheme from Atheme contain the following vulnerability:

Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding.

  • CVE-2016-4478 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.5 - HIGH

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

CVSS2 Score: 5 - MEDIUM

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL

CVE References

  • oss-security - Re: CVE request: atheme: security fixes
    Source: www.openwall.com (text/html)
    Link: MLIST [oss-security] 20160503 Re: CVE request: atheme: security fixes
  • Debian -- Security Information -- DSA-3586-1 atheme-services
    Source: www.debian.org (text/html)
    Tags: Deprecated Link
    Link: DEBIAN DSA-3586
  • openSUSE-SU-2016:1312-1: moderate: Security update for atheme
    Source: lists.opensuse.org (text/html)
    Link: SUSE openSUSE-SU-2016:1312
  • Do not copy more bytes than were allocated · atheme/[email protected] · GitHub
    Source: github.com (text/html)
    Link: CONFIRM github.com/atheme/atheme/commit/87580d767868360d2fed503980129504da84b63e
  • oss-security - CVE request: atheme: security fixes
    Source: www.openwall.com (text/html)
    Link: MLIST [oss-security] 20160502 CVE request: atheme: security fixes

Known Affected Configurations (CPE V2.3)

Type              Vendor    Product       Version  Update  Edition  Language
Application       Atheme    Atheme        All      All     All      All
Operating System  Debian    Debian Linux  8.0      All     All      All
Operating System  Opensuse  Leap          42.1     All     All      All
Operating System  Opensuse  Opensuse      13.2     All     All      All

  • cpe:2.3:a:atheme:atheme:*:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*