Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2016-4489

Integer Overflow or Wraparound

Published: Feb 24, 2017 | Modified: Jul 28, 2017
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
4 LOW
AV:N/AC:H/Au:N/C:N/I:P/A:P
RedHat/V3
5.9 LOW
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Ubuntu
LOW
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2016-4489
CWEhttps://cwe.mitre.org/data/definitions/190.html

Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the demangling of virtual tables.

Weakness

The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Affected Software

Name Vendor Start Version End Version
Libiberty Gnu * *
Binutils Ubuntu esm-infra/xenial *
Binutils Ubuntu precise *
Binutils Ubuntu precise/esm *
Binutils Ubuntu trusty *
Binutils Ubuntu trusty/esm *
Binutils Ubuntu upstream *
Binutils Ubuntu wily *
Binutils Ubuntu xenial *
Binutils Ubuntu yakkety *
Binutils-h8300-hms Ubuntu artful *
Binutils-h8300-hms Ubuntu bionic *
Binutils-h8300-hms Ubuntu cosmic *
Binutils-h8300-hms Ubuntu devel *
Binutils-h8300-hms Ubuntu disco *
Binutils-h8300-hms Ubuntu eoan *
Binutils-h8300-hms Ubuntu esm-apps/bionic *
Binutils-h8300-hms Ubuntu esm-apps/focal *
Binutils-h8300-hms Ubuntu esm-apps/jammy *
Binutils-h8300-hms Ubuntu esm-apps/noble *
Binutils-h8300-hms Ubuntu esm-apps/xenial *
Binutils-h8300-hms Ubuntu focal *
Binutils-h8300-hms Ubuntu groovy *
Binutils-h8300-hms Ubuntu hirsute *
Binutils-h8300-hms Ubuntu impish *
Binutils-h8300-hms Ubuntu jammy *
Binutils-h8300-hms Ubuntu kinetic *
Binutils-h8300-hms Ubuntu lunar *
Binutils-h8300-hms Ubuntu mantic *
Binutils-h8300-hms Ubuntu noble *
Binutils-h8300-hms Ubuntu oracular *
Binutils-h8300-hms Ubuntu precise *
Binutils-h8300-hms Ubuntu trusty *
Binutils-h8300-hms Ubuntu wily *
Binutils-h8300-hms Ubuntu xenial *
Binutils-h8300-hms Ubuntu yakkety *
Binutils-h8300-hms Ubuntu zesty *
Gcc-arm-none-eabi Ubuntu artful *
Gcc-arm-none-eabi Ubuntu esm-apps/xenial *
Gcc-arm-none-eabi Ubuntu trusty *
Gcc-arm-none-eabi Ubuntu wily *
Gcc-arm-none-eabi Ubuntu xenial *
Gcc-arm-none-eabi Ubuntu yakkety *
Gcc-arm-none-eabi Ubuntu zesty *
Gcc-h8300-hms Ubuntu artful *
Gcc-h8300-hms Ubuntu bionic *
Gcc-h8300-hms Ubuntu cosmic *
Gcc-h8300-hms Ubuntu devel *
Gcc-h8300-hms Ubuntu disco *
Gcc-h8300-hms Ubuntu eoan *
Gcc-h8300-hms Ubuntu esm-apps/bionic *
Gcc-h8300-hms Ubuntu esm-apps/focal *
Gcc-h8300-hms Ubuntu esm-apps/jammy *
Gcc-h8300-hms Ubuntu esm-apps/noble *
Gcc-h8300-hms Ubuntu esm-apps/xenial *
Gcc-h8300-hms Ubuntu focal *
Gcc-h8300-hms Ubuntu groovy *
Gcc-h8300-hms Ubuntu hirsute *
Gcc-h8300-hms Ubuntu impish *
Gcc-h8300-hms Ubuntu jammy *
Gcc-h8300-hms Ubuntu kinetic *
Gcc-h8300-hms Ubuntu lunar *
Gcc-h8300-hms Ubuntu mantic *
Gcc-h8300-hms Ubuntu noble *
Gcc-h8300-hms Ubuntu oracular *
Gcc-h8300-hms Ubuntu precise *
Gcc-h8300-hms Ubuntu trusty *
Gcc-h8300-hms Ubuntu wily *
Gcc-h8300-hms Ubuntu xenial *
Gcc-h8300-hms Ubuntu yakkety *
Gcc-h8300-hms Ubuntu zesty *
Gccxml Ubuntu esm-apps/xenial *
Gccxml Ubuntu precise *
Gccxml Ubuntu trusty *
Gccxml Ubuntu wily *
Gccxml Ubuntu xenial *
Gdb Ubuntu precise *
Gdb Ubuntu trusty *
Gdb Ubuntu vivid/stable-phone-overlay *
Gdb Ubuntu vivid/ubuntu-core *
Gdb Ubuntu wily *
Gdb Ubuntu xenial *
Ht Ubuntu artful *
Ht Ubuntu esm-apps/xenial *
Ht Ubuntu precise *
Ht Ubuntu trusty *
Ht Ubuntu wily *
Ht Ubuntu xenial *
Ht Ubuntu yakkety *
Ht Ubuntu zesty *
Libiberty Ubuntu trusty *
Libiberty Ubuntu wily *
Libiberty Ubuntu xenial *
Libiberty Ubuntu yakkety *
Nescc Ubuntu artful *
Nescc Ubuntu bionic *
Nescc Ubuntu cosmic *
Nescc Ubuntu disco *
Nescc Ubuntu eoan *
Nescc Ubuntu esm-apps/bionic *
Nescc Ubuntu esm-apps/focal *
Nescc Ubuntu esm-apps/jammy *
Nescc Ubuntu esm-apps/xenial *
Nescc Ubuntu focal *
Nescc Ubuntu groovy *
Nescc Ubuntu hirsute *
Nescc Ubuntu impish *
Nescc Ubuntu jammy *
Nescc Ubuntu kinetic *
Nescc Ubuntu lunar *
Nescc Ubuntu mantic *
Nescc Ubuntu trusty *
Nescc Ubuntu wily *
Nescc Ubuntu xenial *
Nescc Ubuntu yakkety *
Nescc Ubuntu zesty *
Sdcc Ubuntu artful *
Sdcc Ubuntu bionic *
Sdcc Ubuntu cosmic *
Sdcc Ubuntu esm-apps/bionic *
Sdcc Ubuntu esm-apps/xenial *
Sdcc Ubuntu precise *
Sdcc Ubuntu trusty *
Sdcc Ubuntu wily *
Sdcc Ubuntu xenial *
Sdcc Ubuntu yakkety *
Sdcc Ubuntu zesty *
Valgrind Ubuntu precise *
Valgrind Ubuntu trusty *
Valgrind Ubuntu wily *
Valgrind Ubuntu xenial *
Valgrind Ubuntu yakkety *

Potential Mitigations

  • Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • If possible, choose a language or compiler that performs automatic bounds checking.
  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • Use libraries or frameworks that make it easier to handle numbers without unexpected consequences.
  • Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++). [REF-106]
  • Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
  • Use unsigned integers where possible. This makes it easier to perform validation for integer overflows. When signed integers are required, ensure that the range check includes minimum values as well as maximum values.
  • Understand the programming language’s underlying representation and how it interacts with numeric calculation (CWE-681). Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, “not-a-number” calculations, and how the language handles numbers that are too large or too small for its underlying representation. [REF-7]
  • Also be careful to account for 32-bit, 64-bit, and other potential differences that may affect the numeric representation.

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use