CVE-2016-2090
high-risk
Published 2017-01-13
Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.
Do I need to act?
~
1.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (9)
Affected Vendors
References (18)
Third Party Advisory
https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-...
Issue Tracking
https://bugs.freedesktop.org/show_bug.cgi?id=93881
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/12/msg00036.html
Third Party Advisory
https://security.gentoo.org/glsa/201607-13
Third Party Advisory
https://usn.ubuntu.com/4243-1/
Third Party Advisory
https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-...
Issue Tracking
https://bugs.freedesktop.org/show_bug.cgi?id=93881
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/12/msg00036.html
Third Party Advisory
https://security.gentoo.org/glsa/201607-13
Third Party Advisory
https://usn.ubuntu.com/4243-1/
51
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
4/34 · Minimal
Exposure
15/34 · Moderate