PT-2017-9847 · CVE-2016-8859
Rich Felker · Published 2016-11-21 · Updated 2024-10-17
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
TRE library versions (affected versions not specified)
musl libc versions (affected versions not specified)
Description
Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption. Supplying a large number of states or tags triggers the overflow, which results in an out-of-bounds write.
Recommendations
For TRE library versions, consider applying configuration changes to limit the number of states or tags that can be processed to prevent memory corruption.
For musl libc versions, restrict access to the library to minimize the risk of exploitation until a fix is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Integer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
ALT Linux
SUSE
TRE Library
Ubuntu
musl libc