Vulnerability Details CVE-2016-5119
The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.1
References
- https://bogner.sh/2016/03/mitm-attack-against-keepass-2s-update-check/
- https://packetstormsecurity.com/files/137274/KeePass-2-Man-In-The-Middle.html
- https://sourceforge.net/p/keepass/discussion/329220/thread/e430cc12/
- https://bogner.sh/2016/03/mitm-attack-against-keepass-2s-update-check/
- https://packetstormsecurity.com/files/137274/KeePass-2-Man-In-The-Middle.html
- https://sourceforge.net/p/keepass/discussion/329220/thread/e430cc12/
Products affected by CVE-2016-5119
-
cpe:2.3:a:keepass:keepass:0.8
-
cpe:2.3:a:keepass:keepass:0.81
-
cpe:2.3:a:keepass:keepass:0.82
-
cpe:2.3:a:keepass:keepass:0.83
-
cpe:2.3:a:keepass:keepass:0.84
-
cpe:2.3:a:keepass:keepass:0.85
-
cpe:2.3:a:keepass:keepass:0.86
-
cpe:2.3:a:keepass:keepass:0.87
-
cpe:2.3:a:keepass:keepass:0.88
-
cpe:2.3:a:keepass:keepass:0.89
-
cpe:2.3:a:keepass:keepass:0.90
-
cpe:2.3:a:keepass:keepass:0.91
-
cpe:2.3:a:keepass:keepass:0.92
-
cpe:2.3:a:keepass:keepass:0.93
-
cpe:2.3:a:keepass:keepass:0.94
-
cpe:2.3:a:keepass:keepass:0.95
-
cpe:2.3:a:keepass:keepass:0.96
-
cpe:2.3:a:keepass:keepass:0.97
-
cpe:2.3:a:keepass:keepass:0.98
-
cpe:2.3:a:keepass:keepass:0.99
-
cpe:2.3:a:keepass:keepass:1.00
-
cpe:2.3:a:keepass:keepass:1.01
-
cpe:2.3:a:keepass:keepass:1.02
-
cpe:2.3:a:keepass:keepass:1.03
-
cpe:2.3:a:keepass:keepass:1.04
-
cpe:2.3:a:keepass:keepass:1.05
-
cpe:2.3:a:keepass:keepass:1.06
-
cpe:2.3:a:keepass:keepass:1.07
-
cpe:2.3:a:keepass:keepass:1.08
-
cpe:2.3:a:keepass:keepass:1.09
-
cpe:2.3:a:keepass:keepass:1.10
-
cpe:2.3:a:keepass:keepass:1.11
-
cpe:2.3:a:keepass:keepass:1.12
-
cpe:2.3:a:keepass:keepass:1.13
-
cpe:2.3:a:keepass:keepass:1.14
-
cpe:2.3:a:keepass:keepass:1.15
-
cpe:2.3:a:keepass:keepass:1.16
-
cpe:2.3:a:keepass:keepass:1.17
-
cpe:2.3:a:keepass:keepass:1.18
-
cpe:2.3:a:keepass:keepass:1.19
-
cpe:2.3:a:keepass:keepass:1.20
-
cpe:2.3:a:keepass:keepass:1.21
-
cpe:2.3:a:keepass:keepass:1.22
-
cpe:2.3:a:keepass:keepass:1.23
-
cpe:2.3:a:keepass:keepass:1.24
-
cpe:2.3:a:keepass:keepass:1.25
-
cpe:2.3:a:keepass:keepass:1.26
-
cpe:2.3:a:keepass:keepass:1.27
-
cpe:2.3:a:keepass:keepass:1.28
-
cpe:2.3:a:keepass:keepass:1.29
-
cpe:2.3:a:keepass:keepass:1.30
-
cpe:2.3:a:keepass:keepass:1.31
-
cpe:2.3:a:keepass:keepass:1.32
-
cpe:2.3:a:keepass:keepass:1.33
-
cpe:2.3:a:keepass:keepass:1.34
-
cpe:2.3:a:keepass:keepass:1.35
-
cpe:2.3:a:keepass:keepass:1.36
-
cpe:2.3:a:keepass:keepass:1.37
-
cpe:2.3:a:keepass:keepass:1.38
-
cpe:2.3:a:keepass:keepass:1.39
-
cpe:2.3:a:keepass:keepass:1.40
-
cpe:2.3:a:keepass:keepass:1.40.1
-
cpe:2.3:a:keepass:keepass:1.41
-
cpe:2.3:a:keepass:keepass:2.00
-
cpe:2.3:a:keepass:keepass:2.01
-
cpe:2.3:a:keepass:keepass:2.02
-
cpe:2.3:a:keepass:keepass:2.03
-
cpe:2.3:a:keepass:keepass:2.04
-
cpe:2.3:a:keepass:keepass:2.05
-
cpe:2.3:a:keepass:keepass:2.06
-
cpe:2.3:a:keepass:keepass:2.07
-
cpe:2.3:a:keepass:keepass:2.08
-
cpe:2.3:a:keepass:keepass:2.09
-
cpe:2.3:a:keepass:keepass:2.10
-
cpe:2.3:a:keepass:keepass:2.11
-
cpe:2.3:a:keepass:keepass:2.12
-
cpe:2.3:a:keepass:keepass:2.13
-
cpe:2.3:a:keepass:keepass:2.14
-
cpe:2.3:a:keepass:keepass:2.15
-
cpe:2.3:a:keepass:keepass:2.16
-
cpe:2.3:a:keepass:keepass:2.17
-
cpe:2.3:a:keepass:keepass:2.18
-
cpe:2.3:a:keepass:keepass:2.19
-
cpe:2.3:a:keepass:keepass:2.20
-
cpe:2.3:a:keepass:keepass:2.20.1
-
cpe:2.3:a:keepass:keepass:2.21
-
cpe:2.3:a:keepass:keepass:2.22
-
cpe:2.3:a:keepass:keepass:2.23
-
cpe:2.3:a:keepass:keepass:2.24
-
cpe:2.3:a:keepass:keepass:2.25
-
cpe:2.3:a:keepass:keepass:2.26
-
cpe:2.3:a:keepass:keepass:2.27
-
cpe:2.3:a:keepass:keepass:2.28
-
cpe:2.3:a:keepass:keepass:2.29
-
cpe:2.3:a:keepass:keepass:2.30
-
cpe:2.3:a:keepass:keepass:2.31
-
cpe:2.3:a:keepass:keepass:2.32
-
cpe:2.3:a:keepass:keepass:2.33
-
cpe:2.3:a:keepass:keepass:2.4.1