Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2016-3630
Deferred
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-13 Apr, 2016 | 16:59
Updated At-12 Apr, 2025 | 10:46

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Fedora Project
fedoraproject
>>fedora>>22
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>23
cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
openSUSE
opensuse
>>leap>>42.1
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
mercurial
mercurial
>>mercurial>>Versions up to 3.7.2(inclusive)
cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_debuginfo>>11
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>13.2
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_software_development_kit>>11
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_software_development_kit>>12
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_software_development_kit>>12
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-19Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.htmlcve@mitre.org
Mailing List
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.htmlcve@mitre.org
Mailing List
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.htmlcve@mitre.org
Mailing List
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.htmlcve@mitre.org
Mailing List
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.htmlcve@mitre.org
Mailing List
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.htmlcve@mitre.org
Mailing List
Vendor Advisory
http://www.debian.org/security/2016/dsa-3542cve@mitre.org
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlcve@mitre.org
Third Party Advisory
https://security.gentoo.org/glsa/201612-19cve@mitre.org
Third Party Advisory
https://selenic.com/repo/hg-stable/rev/b6ed2505d6cfcve@mitre.org
Third Party Advisory
https://selenic.com/repo/hg-stable/rev/b9714d958e89cve@mitre.org
Third Party Advisory
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29cve@mitre.org
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Vendor Advisory
http://www.debian.org/security/2016/dsa-3542af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://security.gentoo.org/glsa/201612-19af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://selenic.com/repo/hg-stable/rev/b6ed2505d6cfaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://selenic.com/repo/hg-stable/rev/b9714d958e89af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Change History
0Changes found
Details not found