CVE-2016-0771

MEDIUM Year: 2016
CVSS v3 Score
5.9
Medium
CVSS v2 Score
4.9
Medium
Weakness Type
CWE-119
View all →

Vulnerability Description

The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record.

Related Vulnerabilities

CVE-2013-5571

MEDIUM
CVSS:5.9(Medium)

HMailServer 5.3.x and prior: Memory Corruption which could cause DOS

CWE-1192013

CVE-2015-5314

MEDIUM
CVSS:5.9(Medium)

The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal...

CWE-1192015

CVE-2015-5315

MEDIUM
CVSS:5.9(Medium)

The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a net...

CWE-1192015

CVE-2015-8878

MEDIUM
CVSS:5.9(Medium)

main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory co...

CWE-1192015

CVE-2016-2519

MEDIUM
CVSS:5.9(Medium)

ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a ...

CWE-1192016

CVE-2016-2522

MEDIUM
CVSS:5.9(Medium)

The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows...

CWE-1192016