9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
6.4 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
0.054 Low
EPSS
Percentile
93.2%
Issue Overview:
A heap-based buffer overflow in the parse_packet function in network.c in collectd allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet.
Affected Packages:
collectd
Issue Correction:
Run yum update collectd to update your system.
New Packages:
i686:
collectd-gmond-5.4.1-1.11.amzn1.i686
collectd-java-5.4.1-1.11.amzn1.i686
collectd-lvm-5.4.1-1.11.amzn1.i686
collectd-bind-5.4.1-1.11.amzn1.i686
collectd-ipvs-5.4.1-1.11.amzn1.i686
collectd-rrdcached-5.4.1-1.11.amzn1.i686
collectd-generic-jmx-5.4.1-1.11.amzn1.i686
collectd-amqp-5.4.1-1.11.amzn1.i686
collectd-memcachec-5.4.1-1.11.amzn1.i686
collectd-postgresql-5.4.1-1.11.amzn1.i686
collectd-web-5.4.1-1.11.amzn1.i686
collectd-dbi-5.4.1-1.11.amzn1.i686
collectd-email-5.4.1-1.11.amzn1.i686
collectd-mysql-5.4.1-1.11.amzn1.i686
collectd-rrdtool-5.4.1-1.11.amzn1.i686
collectd-curl_xml-5.4.1-1.11.amzn1.i686
collectd-nginx-5.4.1-1.11.amzn1.i686
collectd-snmp-5.4.1-1.11.amzn1.i686
perl-Collectd-5.4.1-1.11.amzn1.i686
collectd-curl-5.4.1-1.11.amzn1.i686
collectd-notify_email-5.4.1-1.11.amzn1.i686
collectd-debuginfo-5.4.1-1.11.amzn1.i686
collectd-ipmi-5.4.1-1.11.amzn1.i686
collectd-5.4.1-1.11.amzn1.i686
collectd-iptables-5.4.1-1.11.amzn1.i686
collectd-dns-5.4.1-1.11.amzn1.i686
collectd-varnish-5.4.1-1.11.amzn1.i686
collectd-apache-5.4.1-1.11.amzn1.i686
collectd-netlink-5.4.1-1.11.amzn1.i686
src:
collectd-5.4.1-1.11.amzn1.src
x86_64:
collectd-web-5.4.1-1.11.amzn1.x86_64
collectd-5.4.1-1.11.amzn1.x86_64
collectd-postgresql-5.4.1-1.11.amzn1.x86_64
collectd-gmond-5.4.1-1.11.amzn1.x86_64
collectd-mysql-5.4.1-1.11.amzn1.x86_64
collectd-snmp-5.4.1-1.11.amzn1.x86_64
collectd-rrdcached-5.4.1-1.11.amzn1.x86_64
collectd-varnish-5.4.1-1.11.amzn1.x86_64
collectd-notify_email-5.4.1-1.11.amzn1.x86_64
collectd-apache-5.4.1-1.11.amzn1.x86_64
collectd-generic-jmx-5.4.1-1.11.amzn1.x86_64
collectd-lvm-5.4.1-1.11.amzn1.x86_64
collectd-rrdtool-5.4.1-1.11.amzn1.x86_64
collectd-memcachec-5.4.1-1.11.amzn1.x86_64
collectd-netlink-5.4.1-1.11.amzn1.x86_64
collectd-java-5.4.1-1.11.amzn1.x86_64
collectd-ipvs-5.4.1-1.11.amzn1.x86_64
collectd-ipmi-5.4.1-1.11.amzn1.x86_64
collectd-bind-5.4.1-1.11.amzn1.x86_64
collectd-debuginfo-5.4.1-1.11.amzn1.x86_64
collectd-email-5.4.1-1.11.amzn1.x86_64
collectd-dbi-5.4.1-1.11.amzn1.x86_64
collectd-curl_xml-5.4.1-1.11.amzn1.x86_64
collectd-nginx-5.4.1-1.11.amzn1.x86_64
collectd-curl-5.4.1-1.11.amzn1.x86_64
collectd-dns-5.4.1-1.11.amzn1.x86_64
perl-Collectd-5.4.1-1.11.amzn1.x86_64
collectd-iptables-5.4.1-1.11.amzn1.x86_64
collectd-amqp-5.4.1-1.11.amzn1.x86_64
Red Hat: CVE-2016-6254
Mitre: CVE-2016-6254
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | collectd-gmond | < 5.4.1-1.11.amzn1 | collectd-gmond-5.4.1-1.11.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | collectd-java | < 5.4.1-1.11.amzn1 | collectd-java-5.4.1-1.11.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | collectd-lvm | < 5.4.1-1.11.amzn1 | collectd-lvm-5.4.1-1.11.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | collectd-bind | < 5.4.1-1.11.amzn1 | collectd-bind-5.4.1-1.11.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | collectd-ipvs | < 5.4.1-1.11.amzn1 | collectd-ipvs-5.4.1-1.11.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | collectd-rrdcached | < 5.4.1-1.11.amzn1 | collectd-rrdcached-5.4.1-1.11.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | collectd-generic-jmx | < 5.4.1-1.11.amzn1 | collectd-generic-jmx-5.4.1-1.11.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | collectd-amqp | < 5.4.1-1.11.amzn1 | collectd-amqp-5.4.1-1.11.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | collectd-memcachec | < 5.4.1-1.11.amzn1 | collectd-memcachec-5.4.1-1.11.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | collectd-postgresql | < 5.4.1-1.11.amzn1 | collectd-postgresql-5.4.1-1.11.amzn1.i686.rpm |
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
6.4 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
0.054 Low
EPSS
Percentile
93.2%