The BSD libc library's link_ntoa() function may be vulnerable to a classic buffer overflow. It is currently unclear if this issue is exploitable.
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - CVE-2016-6559
Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c may allow an attacker to read or write from memory.
The full impact and severity depends on the method of exploit and how the library is used by applications. An attacker may be able to execute arbitrary code, but CERT/CC is currently unaware of a proof of concept.
Apply an update
Thanks to the reporter who wishes to remain anonymous.
This document was written by Garret Wassermann.
|Date First Published:||2016-12-06|
|Date Last Updated:||2016-12-08 22:54 UTC|