CVE-2016-8390 - Vulnerability Details - OpenCVE

ReportizFlow

An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper Disassembler 3.11.20. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF file with specific section headers to trigger this vulnerability.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cryptic-apps	Hopper Disassembler

Configuration 1 [-]

cpe:2.3:a:cryptic-apps:hopper_disassembler:3.11.20:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/93801
https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0222

History

No history.

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2018-06-04T19:00:00Z

Updated: 2024-09-16T18:19:03.280Z

Reserved: 2016-09-29T00:00:00

Link: CVE-2016-8390

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-06-04T19:29:00.333

Modified: 2024-11-21T02:59:16.640

Link: CVE-2016-8390

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Hopper", "vendor": "Talos", "versions": [{"status": "affected", "version": "Hoppler Disassembler 3.11.20"}]}], "datePublic": "2016-10-18T00:00:00", "descriptions": [{"lang": "en", "value": "An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper Disassembler 3.11.20. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF file with specific section headers to trigger this vulnerability."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "remote code execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-19T19:16:35", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos"}, "references": [{"name": "93801", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93801"}, {"tags": ["x_refsource_MISC"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0222"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "DATE_PUBLIC": "2016-10-18T00:00:00", "ID": "CVE-2016-8390", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Hopper", "version": {"version_data": [{"version_value": "Hoppler Disassembler 3.11.20"}]}}]}, "vendor_name": "Talos"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper Disassembler 3.11.20. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF file with specific section headers to trigger this vulnerability."}]}, "impact": {"cvss": {"baseScore": 7.5, "baseSeverity": "High", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "remote code execution"}]}]}, "references": {"reference_data": [{"name": "93801", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93801"}, {"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0222", "refsource": "MISC", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0222"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:20:31.100Z"}, "title": "CVE Program Container", "references": [{"name": "93801", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/93801"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0222"}]}]}, "cveMetadata": {"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2016-8390", "datePublished": "2018-06-04T19:00:00Z", "dateReserved": "2016-09-29T00:00:00", "dateUpdated": "2024-09-16T18:19:03.280Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cryptic-apps:hopper_disassembler:3.11.20:*:*:*:*:*:*:*", "matchCriteriaId": "CE73AE28-BF81-47E3-A10B-3D86EF8DD7FB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper Disassembler 3.11.20. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF file with specific section headers to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad explotable de escritura fuera de l\u00edmites en el an\u00e1lisis de las cabeceras de secci\u00f3n ELF de Hopper Dissassembler 3.11.20. Un archivo ELF especialmente manipulado puede provocar aritm\u00e9tica de punteros controlada por el atacante, lo que resulta en una escritura fuera de l\u00edmites parcialmente controlada. Un atacante puede manipular un archivo ELF con cabeceras de secci\u00f3n espec\u00edficas para desencadenar esta vulnerabilidad."}], "id": "CVE-2016-8390", "lastModified": "2024-11-21T02:59:16.640", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "[email protected]", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2018-06-04T19:29:00.333", "references": [{"source": "[email protected]", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/93801"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0222"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/93801"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0222"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "[email protected]", "type": "Primary"}]}