First published: Tue Mar 29 2016
It was found that parsing complicated kernel version numbers leads to an array index out-of-bounds exception in the VersionMapper.fromKernelVersionString method. A malicious user with access to a VM could configure it so that it reports a version number that causes the API to crash. When the VM with the crafted kernel version number is reported along with other VMs, the operation that retrieves the representation also fails for all the other VMs.

Product bug: https://bugzilla.redhat.com/show_bug.cgi?id=1311616 (CLOSED CURRENTRELEASE - CVE-2016-3077 The API crashes when parsing unexpected version numbers)
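
The two defensive properties this advisory points to, shown as an added example (not oVirt's code or its fix): a version parser that rejects unexpected input instead of indexing into split results, and a listing step that handles each VM independently. The class, record and method names are hypothetical, the sample values are constructed, and Java 16 or later is assumed for records.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class KernelVersionExample {
    // Hypothetical value type; the real oVirt classes are not shown on the page.
    record KernelVersion(int major, int minor, int build, String rest) {}

    // "major[.minor[.build]]" followed by any suffix. Missing parts are
    // absent regex groups, so nothing is read by array position.
    private static final Pattern VERSION =
        Pattern.compile("^(\\d+)(?:\\.(\\d+))?(?:\\.(\\d+))?(.*)$");

    // Returns Optional.empty() for anything that does not fit, never throws.
    static Optional<KernelVersion> parse(String raw) {
        if (raw == null || raw.length() > 128) return Optional.empty();
        Matcher m = VERSION.matcher(raw.trim());
        if (!m.matches()) return Optional.empty();
        try {
            return Optional.of(new KernelVersion(
                num(m.group(1)), num(m.group(2)), num(m.group(3)), m.group(4)));
        } catch (NumberFormatException e) { // numeric part too large for int
            return Optional.empty();
        }
    }

    private static int num(String group) {
        return group == null ? 0 : Integer.parseInt(group);
    }

    // Each VM is mapped on its own, so one unparsable guest-reported value
    // degrades to "unknown" for that VM only and the listing still succeeds.
    static Map<String, String> represent(Map<String, String> reported) {
        Map<String, String> out = new LinkedHashMap<>();
        reported.forEach((vm, raw) -> out.put(vm, parse(raw)
            .map(v -> v.major() + "." + v.minor() + "." + v.build())
            .orElse("unknown")));
        return out;
    }

    public static void main(String[] args) {
        Map<String, String> reported = new LinkedHashMap<>(); // constructed samples
        reported.put("vm-a", "3.10.0-327.el7.x86_64");
        reported.put("vm-b", "4");
        reported.put("vm-c", "custom-build");
        reported.put("vm-d", "");
        System.out.println(represent(reported));
    }
}
```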
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Redhat Ovirt-engine |