← Back

CVE-2016-3068

nvd nist
Published: Apr 13, 2016Modified: May 6, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.

Affected (18)

Show all products
Debian: Debian Linux · Mercurial: Mercurial · Fedoraproject: Fedora · Redhat: Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Hpc Node Eus, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Server Eus, Enterprise Linux Workstation · Opensuse: Opensuse, Leap · Suse: Linux Enterprise Debuginfo, Linux Enterprise Software Development Kit
Debian
1 product
Debian Linux
Mercurial
1 product
Mercurial
Fedoraproject
1 product
Fedora
Redhat
7 products
Enterprise Linux Desktop
Enterprise Linux Hpc Node
Enterprise Linux Hpc Node Eus
Enterprise Linux Server
Enterprise Linux Server Aus
Enterprise Linux Server Eus
Enterprise Linux Workstation
Opensuse
2 products
Opensuse
Leap
Suse
2 products
Linux Enterprise Debuginfo
Linux Enterprise Software Development Kit
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 7.0
Debian Linux
Version 8.0
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Mercurial
Up to 3.7.2
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
Fedora
Version 22
Fedora
Version 23
Configuration D
7 vulnerable
Vulnerable SoftwareAffected Versions
Enterprise Linux Desktop
Version 7.0
Enterprise Linux Hpc Node
Version 7.0
Enterprise Linux Hpc Node Eus
Version 7.2
Enterprise Linux Server
Version 7.0
Enterprise Linux Server Aus
Version 7.2
Enterprise Linux Server Eus
Version 7.2
Enterprise Linux Workstation
Version 7.0
Configuration E
5 vulnerable
Vulnerable SoftwareAffected Versions
Opensuse
Version 13.2
Linux Enterprise Debuginfo
Version 11 sp4
Suse
Linux Enterprise Software Development Kit
Version 11 sp4
Linux Enterprise Software Development Kit
Version 12
Linux Enterprise Software Development Kit
Version 12 sp1
Configuration F
1 vulnerable
Vulnerable SoftwareAffected Versions
Leap
Version 42.1

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (28)

Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Issue TrackingPatch
Source: secalert@redhat.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.