Bug 1360709 (CVE-2016-6254) - CVE-2016-6254 collectd: heap overflow in the network plugin
Summary: CVE-2016-6254 collectd: heap overflow in the network plugin
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2016-6254
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1360710 1360711 1364915 1366931 1366932 1366933 1366934 1395690
Blocks: 1360712
TreeView+ depends on / blocked
 
Reported: 2016-07-27 11:24 UTC by Martin Prpič
Modified: 2021-02-17 03:31 UTC (History)
26 users (show)

Fixed In Version: collectd 5.5.2, collectd 5.4.3
Doc Type: If docs needed, set a value
Doc Text:
A heap-based buffer overflow flaw was found in collectd's network plugin. The flaw allowed a remote attacker to crash the collectd daemon (denial of service) or possibly execute remote code using a crafted network packet. For this flaw to be exploited, the network plugin must be enabled.
Clone Of:
Environment:
Last Closed: 2017-02-06 05:26:40 UTC
Embargoed:

Attachments (Terms of Use)

Description Martin Prpič 2016-07-27 11:24:35 UTC 
The following flaw was found in collectd:

Emilien Gaspar has identified a heap overflow in collectd's network plugin which can be triggered remotely and is potentially exploitable. The identifier CVE-2016-6254 has been assigned to this issue.

This issue has been fixed in the released 5.5.2 and 5.4.3.

Upstream patches:

https://github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888dfc18
https://github.com/collectd/collectd/commit/8b4fed9940e02138b7e273e56863df03d1a39ef7

The second patch is unrelated to CVE-2016-6254. It fixes an initialization issue with libgcrypt which could theoretically lead to a half-initialized library being used.
Comment 1 Martin Prpič 2016-07-27 11:25:30 UTC 
Created collectd tracking bugs for this issue:

Affects: fedora-all [bug 1360710]
Affects: epel-all [bug 1360711]
Note You need to log in before you can comment on or make changes to this bug.