Vulnerability Details : CVE-2016-4804
The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers (1) a heap-based buffer overflow in the read_fat function or (2) an out-of-bounds heap read in the get_fat function.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2016-4804
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
- cpe:2.3:a:dosfstools_project:dosfstools:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-4804
- 0.24%: Probability of exploitation activity in the next 30 days
- ~61%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-4804
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P | 3.9 | 2.9 | NIST | |
6.2 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.5 | 3.6 | NIST | |
CWE ids for CVE-2016-4804
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-4804
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00014.html
  openSUSE-SU-2016:2233-1: moderate: Security update for dosfstools
- https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html
  dosfstools / fsck.vfat: Several invalid memory accesses | The Fuzzing Project [Patch]
- http://lists.opensuse.org/opensuse-updates/2016-06/msg00001.html
  openSUSE-SU-2016:1461-1: moderate: Security update for dosfstools
- http://www.securityfocus.com/bid/90311
  dosfstools Multiple Security Vulnerabilities
- https://github.com/dosfstools/dosfstools/commit/e8eff147e9da1185f9afd5b25948153a3b97cf52
  read_boot(): Handle excessive FAT size specifications · dosfstools/dosfstools@e8eff14 · GitHub
- https://lists.debian.org/debian-lts-announce/2020/05/msg00028.html
- https://github.com/dosfstools/dosfstools/issues/25
  Heap overflow in function read_fat() · Issue #25 · dosfstools/dosfstools · GitHub [Patch; Vendor Advisory]
- http://www.ubuntu.com/usn/USN-2986-1
  USN-2986-1: dosfstools vulnerabilities | Ubuntu security notices
- https://github.com/dosfstools/dosfstools/issues/26
  heap out of bounds read in get_fat() · Issue #26 · dosfstools/dosfstools · GitHub [Patch; Vendor Advisory]