CVE-2016-4804

Published: 19 May 2016

The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in the (2) get_fat function.

Priority

Medium

CVSS 3 base score: 6.2

Status

Package: dosfstools (Launchpad, Ubuntu, Debian)

Release status:
precise: Released (3.0.12-1ubuntu1.3)
trusty: Released (3.0.26-1ubuntu0.1)
upstream: Released (4.0-1)
wily: Released (3.0.28-1ubuntu0.1)
xenial: Released (3.0.28-2ubuntu0.1)
yakkety: Not vulnerable (4.0-2ubuntu1)
zesty: Not vulnerable (4.0-2ubuntu1)

Patches:
upstream: https://github.com/dosfstools/dosfstools/commit/e8eff147e9da1185f9afd5b25948153a3b97cf52