Gentoo update for Libical
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2016-5823 CVE-2016-5824 |
| CWE-ID | CWE-416 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. |
| Vulnerable software Subscribe |
Gentoo Linux Operating systems & Components / Operating system |
| Vendor | Gentoo |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU17267
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2016-5823
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a use-after-free error when processing a specially crafted ics file. A remote attackers can cause a denial of service (use-after-free).
MitigationUpdate the affected packages.
dev-libs/libical to version: 3.0.0
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/glsa/201904-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Use-after-free
EUVDB-ID: #VU17266
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2016-5824
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform denial of service attack.
The vulnerability exists due to a use-after-free error when processing ics Calendar files. A remote attackers can trick the victim to open a specially crafted calendar file, trigger user-after-free error and crash the affected application.
Update the affected packages.
dev-libs/libical to version: 3.0.0
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/glsa/201904-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
