Input validation error in Oracle Berkeley DB - CVE-2016-3418
Published: April 21, 2016 / Updated: August 4, 2020
Vulnerability identifier: #VU33757
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-3418
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Oracle
Affected software:
Oracle Berkeley DB
Oracle Berkeley DB
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0682, CVE-2016-0689, CVE-2016-0692, and CVE-2016-0694.
How to mitigate CVE-2016-3418
Install update from vendor's website.