#VU10656 Memory corruption in Gnu - CVE-2016-10713


Vulnerability identifier: #VU10656

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-10713

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Gnu
Operating systems & Components / Operating system

Vendor: GNU

Description
The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds access within pch_write_line() in pch.c. A local attacker can supply a specially crafted input, trigger memory corruption and cause the system to crash.

Mitigation
Update to version 2.7.6-1.

Vulnerable software versions

Gnu: 2.7.0 - 2.7.6

External links
https://git.savannah.gnu.org/cgit/patch.git/commit/src/pch.c?id=a0d7fe4589651c64bd16ddaaa634030bb045...

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Red Hat update for GNU patch
SUSE Linux update for patch
OpenSUSE Linux update for patch
SUSE Linux update for patch
Memory corruption in patch (Alpine package)
Fedora 26 update for patch
Fedora 27 update for patch
Arch Linux update for GNU