CVE-2016-4973: Buffer Overflow
First published: Thu Apr 07 2016(Updated: )
Binaries compiled against targets that use the libssp library in GCC for stack smashing protection (SSP) might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU Libssp |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2016/08/17/6
- http://www.securityfocus.com/bid/92530
- https://bugzilla.redhat.com/show_bug.cgi?id=1324759
- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=50460
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1144750&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1144750&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1144751&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1144751&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1145808&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1145808&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1324759#c4
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1324759#c6
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1324759#c8
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1324759#c9
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1324759#c10
- http://gcc.gnu.org/PR69383
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1324759#c11
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1324759#c13
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1324759#c15
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1165477&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1165477&action=edit
Frequently Asked Questions
What is the severity of CVE-2016-4973?
CVE-2016-4973 has a severity rating that indicates it could allow local users to perform buffer overflow attacks.
How do I fix CVE-2016-4973?
To fix CVE-2016-4973, ensure that your binaries are compiled with updated stack protection settings and consider using the Object Size Checking feature.
Who is affected by CVE-2016-4973?
CVE-2016-4973 affects binaries compiled using the libssp library in GCC for stack smashing protection.
What can be exploited in CVE-2016-4973?
CVE-2016-4973 can be exploited due to the lack of Object Size Checking, which can lead to buffer overflow vulnerabilities.
Is CVE-2016-4973 a remote vulnerability?
CVE-2016-4973 is not a remote vulnerability; it requires local access for exploitation.
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-4973
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/last-modified-date
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gnu
- canonical/gnu libssp