#VU1622 Double free error in Oracle Server applications

Published: 2016-12-21 | Updated: 2018-05-01

Vulnerability identifier: #VU1622

Vulnerability risk: Low


CVE-ID: CVE-2016-0705


Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Oracle Solaris
Operating systems & Components / Operating system
Oracle Linux
Operating systems & Components / Operating system
MySQL Server
Server applications / Database software
Oracle Communications Session Border Controller
Server applications / Remote management servers, RDP, SSH

Vendor: Oracle

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists due to double-free error when parsing DSA private keys. A remote attacker can trigger memory corruption and cause the service to crash.

Install update from vendor's website.

Vulnerable software versions

Oracle Solaris: 10 - 11.3

MySQL Server: 5.6.29, 5.7.11

Oracle Communications Session Border Controller: 7.2.0 - 7.3.0

Oracle Linux: 6 - 7


External links

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability