CVE-2016-6254

Published: 19 August 2016

Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet.

From the Ubuntu security team

It was discovered that collectd mishandled certain malformed packets. A remote attacker could use this vulnerability to cause collectd to crash or possibly execute arbitrary code.

Priority

Medium

CVSS 3 base score: 9.1

Status

Package: collectd (references: Launchpad, Ubuntu, Debian)

Release                           Status
Upstream                          Released (5.5.2-1)
Ubuntu 21.04 (Hirsute Hippo)      Not vulnerable (5.7.2-2ubuntu1)
Ubuntu 20.10 (Groovy Gorilla)     Not vulnerable (5.7.2-2ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa)    Not vulnerable (5.7.2-2ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver)  Not vulnerable (5.7.2-2ubuntu1)
Ubuntu 16.04 ESM (Xenial Xerus)   Ignored (end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr)    Needed