Vulnerability Details : CVE-2016-6560
illumos osnet-incorporation bcopy() and bzero() implementations make signed instead of unsigned comparisons allowing a system crash.
Vulnerability category: Input validation
Exploit prediction scoring system (EPSS) score for CVE-2016-6560
Probability of exploitation activity in the next 30 days: 0.24%
Percentile, the proportion of vulnerabilities that are scored at or less: ~61%
CVSS scores for CVE-2016-6560
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C | 10.0 | 6.9 | NIST |
8.6 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H | 3.9 | 4.0 | NIST |
CWE ids for CVE-2016-6560
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
- The product uses a signed primitive and performs a cast to an unsigned primitive, which can produce an unexpected value if the value of the signed primitive can not be represented using an unsigned primitive. Assigned by: cret@cert.org (Secondary)
References for CVE-2016-6560
- https://www.illumos.org/issues/7488
  Bug #7488: bcopy and bzero should mind signed bits - illumos gate - illumos (Patch; Vendor Advisory)
- https://github.com/illumos/illumos-gate/commit/5aaab1a49679c26dbcb6fb6dc25799950d70cc71
  7488 bcopy and bzero should mind signed bits · illumos/illumos-gate@5aaab1a · GitHub (Patch; Third Party Advisory)
- https://www.openindiana.org/2016/11/01/cve-2016-6560-cve-2016-6561-security-issues-in-illumos/
  CVE-2016-6560, CVE-2016-6561 Security issues in illumos – openindiana (Third Party Advisory)
Products affected by CVE-2016-6560
- cpe:2.3:a:illumos:illumos:-:*:*:*:*:*:*:*