#VU1622 Double free error in Oracle Server applications


Published: 2016-12-21 | Updated: 2018-05-01

Vulnerability identifier: #VU1622

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2016-0705

CWE-ID: CWE-415

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Oracle Solaris
Operating systems & Components / Operating system
Oracle Linux
Operating systems & Components / Operating system
MySQL Server
Server applications / Database software
Oracle Communications Session Border Controller
Server applications / Remote management servers, RDP, SSH

Vendor: Oracle

Description
The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists due to double-free error when parsing DSA private keys. A remote attacker can trigger memory corruption and cause the service to crash.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Oracle Solaris: 10 - 11.3

MySQL Server: 5.6.29, 5.7.11

Oracle Communications Session Border Controller: 7.2.0 - 7.3.0

Oracle Linux: 6 - 7

CPE

External links
http://exchange.xforce.ibmcloud.com/vulnerabilities/111140

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru Firmware, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM BladeCenter
Multiple vulnerabilities in IBM FlashSystem models 840 and 900
Multiple vulnerabilities in IBM Cognos Analytics
Multiple vulnerabilities in IBM Tivoli Network Manager IP Edition
Multiple vulnerabilities in IBM Algo One Core
Multiple vulnerabilities in IBM MQ
Multiple vulnerabilities in IBM Cognos Controller
OpenSUSE Linux update for nodejs
Multiple vulnerabilities in SAN Volume Controller and Storwize Family
Multiple vulnerabilities in IBM BladeCenter Advanced Management Module (AMM)