mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-09-17 18:45:49 +00:00
292 lines
8.6 KiB
JSON
292 lines
8.6 KiB
JSON
{
|
|
"id": "CVE-2016-3841",
|
|
"sourceIdentifier": "security@android.com",
|
|
"published": "2016-08-06T20:59:01.297",
|
|
"lastModified": "2024-11-21T02:50:46.613",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "La pila IPv6 en el kernel de Linux en versiones anteriores a 4.3.3 no maneja adecuadamente datos de las opciones, lo que permite a usuarios locales obtener privilegios o provocar una denegaci\u00f3n de servicio (uso despu\u00e9s de liberaci\u00f3n y ca\u00edda de sistema) a trav\u00e9s de una llamada al sistema sendmsg manipulada."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
|
|
"baseScore": 7.3,
|
|
"baseSeverity": "HIGH",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 1.3,
|
|
"impactScore": 5.9
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
|
"baseScore": 7.2,
|
|
"accessVector": "LOCAL",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "COMPLETE",
|
|
"integrityImpact": "COMPLETE",
|
|
"availabilityImpact": "COMPLETE"
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 10.0,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-264"
|
|
},
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-416"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "3.2.75",
|
|
"matchCriteriaId": "447A331C-5777-435D-B7B6-89333DF274DA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "3.3",
|
|
"versionEndExcluding": "3.12.52",
|
|
"matchCriteriaId": "A295287A-BB88-4CFD-87C7-50B32381CB3A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "3.13",
|
|
"versionEndExcluding": "3.16.35",
|
|
"matchCriteriaId": "618CC578-24BB-4653-8BFF-A78157E4CA91"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "3.17",
|
|
"versionEndExcluding": "3.18.25",
|
|
"matchCriteriaId": "1CE06EBF-9588-4C87-A85F-8224C668D218"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "3.19",
|
|
"versionEndExcluding": "4.1.15",
|
|
"matchCriteriaId": "ADBB2F61-0B30-49A5-AD68-4AE1CE14E13D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.2",
|
|
"versionEndExcluding": "4.2.8",
|
|
"matchCriteriaId": "C905FCE9-FF1B-40C3-8890-A85C16CEF336"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.3",
|
|
"versionEndExcluding": "4.3.3",
|
|
"matchCriteriaId": "C9A419EE-0665-4EE4-B055-B8E76DEA1BE8"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=45f6fad84cc305103b28d73482b344d7f5b76f39",
|
|
"source": "security@android.com",
|
|
"tags": [
|
|
"Issue Tracking",
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2016-0855.html",
|
|
"source": "security@android.com",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html",
|
|
"source": "security@android.com",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html",
|
|
"source": "security@android.com",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2016-2695.html",
|
|
"source": "security@android.com",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://source.android.com/security/bulletin/2016-08-01.html",
|
|
"source": "security@android.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3",
|
|
"source": "security@android.com",
|
|
"tags": [
|
|
"Release Notes"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/92227",
|
|
"source": "security@android.com",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://github.com/torvalds/linux/commit/45f6fad84cc305103b28d73482b344d7f5b76f39",
|
|
"source": "security@android.com",
|
|
"tags": [
|
|
"Issue Tracking",
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=45f6fad84cc305103b28d73482b344d7f5b76f39",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Issue Tracking",
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2016-0855.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2016-2695.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://source.android.com/security/bulletin/2016-08-01.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Release Notes"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/92227",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://github.com/torvalds/linux/commit/45f6fad84cc305103b28d73482b344d7f5b76f39",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Issue Tracking",
|
|
"Patch"
|
|
]
|
|
}
|
|
]
|
|
} |