Input validation error in Oracle Berkeley DB - CVE-2016-0689
Published: April 21, 2016 / Updated: August 4, 2020
Vulnerability identifier: #VU33754
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-0689
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Oracle
Affected software:
Oracle Berkeley DB
Oracle Berkeley DB
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0682, CVE-2016-0692, CVE-2016-0694, and CVE-2016-3418.
How to mitigate CVE-2016-0689
Install update from vendor's website.