Arbitrary code execution - CVE-2016-2342
Published: October 10, 2016 / Updated: October 10, 2016
Vulnerability identifier: #VU813
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-2342
CWE-ID: CWE-120
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor:
Affected software:
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is a buffer overflow caused by improper validation of the upper-bound length of received Labeled-VPN SAFI route data. To exploit the vulnerability, an attacker can send specially crafted packets to the system.
Successful exploitation of the weakness results in arbitrary code execution or even denial of service on the vulnerable system.
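The missing upper-bound check described above, shown as an added example (not code from the affected software): a bounds-checked parser for one length-prefixed route entry. The entry layout (one length octet in bits, a 3-byte label, an 8-byte route distinguisher, then an IPv4 prefix) and all names are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LABEL_RD_BYTES 11  /* assumed layout: 3-byte label + 8-byte route distinguisher */

struct vpn_route {          /* hypothetical destination with a fixed-size prefix field */
    uint8_t prefix[4];      /* IPv4 prefix, at most 32 bits */
    uint8_t prefix_bits;
};

/* Parse one entry: [length in bits][label][RD][prefix]. Returns bytes consumed, -1 if malformed. */
int parse_vpn_route(const uint8_t *buf, size_t len, struct vpn_route *out)
{
    if (len < 1)
        return -1;
    unsigned bits = buf[0];
    if (bits < LABEL_RD_BYTES * 8)          /* lower bound: label and RD must be present */
        return -1;
    size_t body = (bits + 7) / 8;           /* bytes that follow the length octet */
    size_t plen = body - LABEL_RD_BYTES;    /* bytes destined for out->prefix */
    if (plen > sizeof(out->prefix))         /* upper bound: must fit the destination */
        return -1;
    if (body > len - 1)                     /* entry must not run past the received data */
        return -1;
    memset(out, 0, sizeof(*out));
    memcpy(out->prefix, buf + 1 + LABEL_RD_BYTES, plen);
    out->prefix_bits = (uint8_t)(bits - LABEL_RD_BYTES * 8);
    return (int)(1 + body);
}

/* Constructed samples: a /24 entry, and one whose length octet claims 255 bits. */
static const uint8_t sample_ok[15] = { 112, 0,0,1, 0,0,0,1,0,0,0,1, 10,1,2 };
static const uint8_t sample_oversized[33] = { 255 };

int main(void)
{
    struct vpn_route r;
    printf("ok:        %d\n", parse_vpn_route(sample_ok, sizeof sample_ok, &r));
    printf("oversized: %d\n", parse_vpn_route(sample_oversized, sizeof sample_oversized, &r));
    printf("truncated: %d\n", parse_vpn_route(sample_ok, 10, &r));
    return 0;
}
```

Without the `plen > sizeof(out->prefix)` test, the 255-bit sample would make `memcpy` write 21 bytes into a 4-byte field.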
How to mitigate CVE-2016-2342
Update to version 1.0.20160315 or later.