CVE-2016-10642

Name of the Vulnerable Software and Affected Versions cmake (affected versions not specified)

Description The issue concerns the insecure download of binary resources over HTTP, making it susceptible to man-in-the-middle (MITM) attacks. This could potentially lead to remote code execution (RCE) if an attacker intercepts the connection and swaps the requested binary with a malicious one. The vulnerability can be exploited if the attacker has a privileged network position.

Recommendations To mitigate the issue, consider avoiding the use of this package if possible, or use a different package as an alternative. Install the cmake binaries via a system package manager, such as apt-get, to reduce the risk of exploitation. As a temporary measure, avoid installing the package while connected to a public network to minimize the risk of exploitation.