Vulnerability Details CVE-2016-9427
Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00089.html
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00115.html
- http://www.openwall.com/lists/oss-security/2016/11/18/3
- http://www.securityfocus.com/bid/94407
- https://github.com/ivmai/bdwgc/issues/135
- https://lists.debian.org/debian-lts-announce/2022/03/msg00039.html
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00089.html
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00115.html
- http://www.openwall.com/lists/oss-security/2016/11/18/3
- http://www.securityfocus.com/bid/94407
- https://github.com/ivmai/bdwgc/issues/135
- https://lists.debian.org/debian-lts-announce/2022/03/msg00039.html
Products affected by CVE-2016-9427
-
cpe:2.3:a:bdwgc_project:bdwgc:1.9
-
cpe:2.3:a:bdwgc_project:bdwgc:2.4
-
cpe:2.3:a:bdwgc_project:bdwgc:2.6
-
cpe:2.3:a:bdwgc_project:bdwgc:3.3
-
cpe:2.3:a:bdwgc_project:bdwgc:3.6
-
cpe:2.3:a:bdwgc_project:bdwgc:3.7
-
cpe:2.3:a:bdwgc_project:bdwgc:4.0
-
cpe:2.3:a:bdwgc_project:bdwgc:4.1
-
cpe:2.3:a:bdwgc_project:bdwgc:4.10
-
cpe:2.3:a:bdwgc_project:bdwgc:4.11
-
cpe:2.3:a:bdwgc_project:bdwgc:4.12
-
cpe:2.3:a:bdwgc_project:bdwgc:4.13
-
cpe:2.3:a:bdwgc_project:bdwgc:4.13-
-
cpe:2.3:a:bdwgc_project:bdwgc:4.13alpha1
-
cpe:2.3:a:bdwgc_project:bdwgc:4.13alpha2
-
cpe:2.3:a:bdwgc_project:bdwgc:4.13alpha3
-
cpe:2.3:a:bdwgc_project:bdwgc:4.14
-
cpe:2.3:a:bdwgc_project:bdwgc:4.14-
-
cpe:2.3:a:bdwgc_project:bdwgc:4.14alpha1
-
cpe:2.3:a:bdwgc_project:bdwgc:4.14alpha2
-
cpe:2.3:a:bdwgc_project:bdwgc:4.2
-
cpe:2.3:a:bdwgc_project:bdwgc:4.3
-
cpe:2.3:a:bdwgc_project:bdwgc:4.4
-
cpe:2.3:a:bdwgc_project:bdwgc:4.5
-
cpe:2.3:a:bdwgc_project:bdwgc:4.6
-
cpe:2.3:a:bdwgc_project:bdwgc:4.7
-
cpe:2.3:a:bdwgc_project:bdwgc:4.8
-
cpe:2.3:a:bdwgc_project:bdwgc:4.9
-
cpe:2.3:a:bdwgc_project:bdwgc:5.0
-
cpe:2.3:a:bdwgc_project:bdwgc:5.0alpha1
-
cpe:2.3:a:bdwgc_project:bdwgc:5.0alpha2
-
cpe:2.3:a:bdwgc_project:bdwgc:5.0alpha3
-
cpe:2.3:a:bdwgc_project:bdwgc:5.0alpha4
-
cpe:2.3:a:bdwgc_project:bdwgc:5.3
-
cpe:2.3:a:bdwgc_project:bdwgc:6.0
-
cpe:2.3:a:bdwgc_project:bdwgc:6.0-
-
cpe:2.3:a:bdwgc_project:bdwgc:6.0alpha3
-
cpe:2.3:a:bdwgc_project:bdwgc:6.0alpha8
-
cpe:2.3:a:bdwgc_project:bdwgc:6.1
-
cpe:2.3:a:bdwgc_project:bdwgc:6.1-
-
cpe:2.3:a:bdwgc_project:bdwgc:6.1alpha1
-
cpe:2.3:a:bdwgc_project:bdwgc:6.1alpha2
-
cpe:2.3:a:bdwgc_project:bdwgc:6.1alpha4
-
cpe:2.3:a:bdwgc_project:bdwgc:6.2
-
cpe:2.3:a:bdwgc_project:bdwgc:6.2-
-
cpe:2.3:a:bdwgc_project:bdwgc:6.2alpha3
-
cpe:2.3:a:bdwgc_project:bdwgc:6.2alpha4
-
cpe:2.3:a:bdwgc_project:bdwgc:6.2alpha5
-
cpe:2.3:a:bdwgc_project:bdwgc:6.2alpha6
-
cpe:2.3:a:bdwgc_project:bdwgc:6.3
-
cpe:2.3:a:bdwgc_project:bdwgc:6.3-
-
cpe:2.3:a:bdwgc_project:bdwgc:6.3alpha1
-
cpe:2.3:a:bdwgc_project:bdwgc:6.3alpha4
-
cpe:2.3:a:bdwgc_project:bdwgc:6.3alpha5
-
cpe:2.3:a:bdwgc_project:bdwgc:6.3alpha6
-
cpe:2.3:a:bdwgc_project:bdwgc:6.4
-
cpe:2.3:a:bdwgc_project:bdwgc:6.5
-
cpe:2.3:a:bdwgc_project:bdwgc:6.6
-
cpe:2.3:a:bdwgc_project:bdwgc:6.7
-
cpe:2.3:a:bdwgc_project:bdwgc:6.8
-
cpe:2.3:a:bdwgc_project:bdwgc:7.0
-
cpe:2.3:a:bdwgc_project:bdwgc:7.0-
-
cpe:2.3:a:bdwgc_project:bdwgc:7.0alpha1
-
cpe:2.3:a:bdwgc_project:bdwgc:7.0alpha2
-
cpe:2.3:a:bdwgc_project:bdwgc:7.0alpha3
-
cpe:2.3:a:bdwgc_project:bdwgc:7.0alpha4
-
cpe:2.3:a:bdwgc_project:bdwgc:7.0alpha5
-
cpe:2.3:a:bdwgc_project:bdwgc:7.0alpha7
-
cpe:2.3:a:bdwgc_project:bdwgc:7.0alpha9
-
cpe:2.3:a:bdwgc_project:bdwgc:7.1
-
cpe:2.3:a:bdwgc_project:bdwgc:7.1-
-
cpe:2.3:a:bdwgc_project:bdwgc:7.1alpha2
-
cpe:2.3:a:bdwgc_project:bdwgc:7.1alpha3-20080220
-
cpe:2.3:a:bdwgc_project:bdwgc:7.2
-
cpe:2.3:a:bdwgc_project:bdwgc:7.2-
-
cpe:2.3:a:bdwgc_project:bdwgc:7.2alpha2
-
cpe:2.3:a:bdwgc_project:bdwgc:7.2alpha4
-
cpe:2.3:a:bdwgc_project:bdwgc:7.2alpha5
-
cpe:2.3:a:bdwgc_project:bdwgc:7.2alpha6
-
cpe:2.3:a:bdwgc_project:bdwgc:7.2b
-
cpe:2.3:a:bdwgc_project:bdwgc:7.2c
-
cpe:2.3:a:bdwgc_project:bdwgc:7.2d
-
cpe:2.3:a:bdwgc_project:bdwgc:7.2d-freebsd
-
cpe:2.3:a:bdwgc_project:bdwgc:7.2e
-
cpe:2.3:a:bdwgc_project:bdwgc:7.2f
-
cpe:2.3:a:bdwgc_project:bdwgc:7.2g
-
cpe:2.3:a:bdwgc_project:bdwgc:7.2h
-
cpe:2.3:a:bdwgc_project:bdwgc:7.2i
-
cpe:2.3:a:bdwgc_project:bdwgc:7.2j
-
cpe:2.3:a:bdwgc_project:bdwgc:7.2k
-
cpe:2.3:a:bdwgc_project:bdwgc:7.2l
-
cpe:2.3:a:bdwgc_project:bdwgc:7.2m
-
cpe:2.3:a:bdwgc_project:bdwgc:7.2n
-
cpe:2.3:a:bdwgc_project:bdwgc:7.3
-
cpe:2.3:a:bdwgc_project:bdwgc:7.3alpha2
-
cpe:2.3:a:bdwgc_project:bdwgc:7.4.0
-
cpe:2.3:a:bdwgc_project:bdwgc:7.4.2
-
cpe:2.3:a:bdwgc_project:bdwgc:7.4.4
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:opensuse:leap:42.1
-
cpe:2.3:o:opensuse:leap:42.2
-
cpe:2.3:o:opensuse:opensuse:13.2