← Back

CVE-2016-3630

nvd nist
Published: Apr 13, 2016Modified: May 6, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.

Affected (11)

Show all products
Fedoraproject: Fedora · Opensuse: Leap, Opensuse · Mercurial: Mercurial · Debian: Debian Linux · Suse: Linux Enterprise Debuginfo, Linux Enterprise Software Development Kit
Fedoraproject
1 product
Fedora
Opensuse
2 products
Leap
Opensuse
Mercurial
1 product
Mercurial
Debian
1 product
Debian Linux
Suse
2 products
Linux Enterprise Debuginfo
Linux Enterprise Software Development Kit
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
Fedora
Version 22
Fedora
Version 23
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Leap
Version 42.1
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Mercurial
Up to 3.7.2
Configuration D
2 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 7.0
Debian Linux
Version 8.0
Configuration E
5 vulnerable
Vulnerable SoftwareAffected Versions
Opensuse
Version 13.2
Linux Enterprise Debuginfo
Version 11 sp4
Suse
Linux Enterprise Software Development Kit
Version 11 sp4
Linux Enterprise Software Development Kit
Version 12
Linux Enterprise Software Development Kit
Version 12 sp1

Related CWEs

CWE-19
CWE-19

References (24)

Source: cve@mitre.org
Mailing ListVendor Advisory
Source: cve@mitre.org
Mailing ListVendor Advisory
Source: cve@mitre.org
Mailing ListVendor Advisory
Source: cve@mitre.org
Mailing ListVendor Advisory
Source: cve@mitre.org
Mailing ListVendor Advisory
Source: cve@mitre.org
Mailing ListVendor Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.