#VU32285 Improper access control in Mercurial - CVE-2016-3105


| Updated: 2020-07-28

Vulnerability identifier: #VU32285

Vulnerability risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2016-3105

CWE-ID: CWE-284

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Mercurial
Client/Desktop applications / Other client software

Vendor: Mercurial

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Mercurial: 3.0 - 3.7.3

External links
https://lists.opensuse.org/opensuse-updates/2016-05/msg00082.html
https://www.debian.org/security/2016/dsa-3570
https://www.securityfocus.com/bid/90536
https://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.533255
https://security.gentoo.org/glsa/201612-19
https://selenic.com/hg/rev/a56296f55a5e
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.8_.2F_3.8.1_.282016-5-1.29

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Improper access control in mercurial (Alpine package)
Improper access control in libidn (Alpine package)
Improper access control in Mercurial
Slackware Linux update for mercurial