CVE-2016-6254

Published on: 08/19/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:12 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Certain versions of Collectd from Collectd contain the following vulnerability:

Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet.

  • CVE-2016-6254 has been assigned by [email protected] to track the vulnerability - currently rated as CRITICAL severity.

CVSS3 Score: 9.1 - CRITICAL

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS2 Score: 6.4 - MEDIUM

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

CVE References

  • Debian -- Security Information -- DSA-3636-1 collectd
    Tags: Third Party Advisory
    Link: www.debian.org (Deprecated Link, text/html)
    Source: DEBIAN DSA-3636

  • [SECURITY] Fedora 23 Update: collectd-5.5.2-1.fc23 - package-announce - Fedora Mailing-Lists
    Tags: Mailing List, Third Party Advisory
    Link: lists.fedoraproject.org (text/html)
    Source: FEDORA FEDORA-2016-23f0d552e8

  • network plugin: Fix heap overflow in parse_packet(). · collectd/[email protected] · GitHub
    Tags: Patch, Third Party Advisory
    Link: github.com (text/html)
    Source: CONFIRM github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888dfc18

  • collectd news - The system statistics collection daemon
    Tags: Release Notes, Vendor Advisory
    Link: collectd.org (text/xml)
    Source: CONFIRM collectd.org/news.shtml

  • [SECURITY] Fedora 24 Update: collectd-5.5.2-1.fc24 - package-announce - Fedora Mailing-Lists
    Tags: Mailing List, Third Party Advisory
    Link: lists.fedoraproject.org (text/html)
    Source: FEDORA FEDORA-2016-e16a14ffc5

Known Affected Configurations (CPE V2.3)

Type              Vendor         Product       Version  Update  Edition  Language
Application       Collectd       Collectd      All      All     All      All
Operating System  Debian         Debian Linux  8.0      All     All      All
Operating System  Fedoraproject  Fedora        23       All     All      All
Operating System  Fedoraproject  Fedora        24       All     All      All

  • cpe:2.3:a:collectd:collectd:*:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*